Manage Users (main-menu)
The tabs that are available for Manage Users option in the main menu are described below.
Role Mapping
Map Gathr’s default and custom roles with your organization’s user groups managed by auth providers like Okta or LDAP for authorization.
Ensure proper role mapping to maintain authorization for users in Gathr, enabling them to perform relevant operations.
Click the ‘+’ button (Add Role Mapping) to configure role mappings.
The superuser can assign global or custom created roles to the existing LDAP/Okta groups as per the requirement.
The information and actions displayed for the listed Global Groups are explained below:
Global Groups
The global groups that are created by the superuser from main menu, cannot be deleted from the Workspace > Manage Users.
| Field | Description |
|---|---|
| Gathr Role | A drop-down option having list of all the global and custom roles. Select a role for auth provider user groups. Example: Workspace Admin, Data Analyst I, Data Analyst II, Read Only, and so on. |
| Auth Provider Group(s) | Select the user group(s) managed by LDAP or Okta to grant authorization for the selected Gathr role. |
| Action | Option to remove the role mapping entries. |
Once the role assignment for required LDAP groups is done, click on the VALIDATE option to cross-check the Provider group name and SAVE to register the changes.
Roles
This tab contains the list of the out of box global roles and the custom roles that are created using New Role option.
The out of box Global roles are:
System Admin
Workspace Admin
Data Analyst - I
Data Analyst - II
Read Only
Listing Page
The information and actions displayed on the Roles listing page are explained below:
| Field | Description |
|---|---|
| Roles | Name of the roles that are existing in Gathr. |
| Type | Type of role. Global if created from main menu and Custom if created from the workspace menu. |
| Privileges | The number of privileges that are assigned to the particular role. The assigned privileges can be viewed by clicking on the value displayed. |
| Users | The number of users that are assigned with the particular role. The list of users assigned with the particular role can be viewed by clicking on the value displayed. |
| Actions | Options to edit or delete the listed role(s). Note: The out of box roles cannot be deleted. |
Add Roles
The superuser can create new roles using the Add New Role option given on the top right side of the Roles tab.
The configuration details for creation of a new role are described in the table given below:
New Role
| Field | Description |
|---|---|
| Role Name | Unique name of the new role to be created. |
| Load Privilege by Users | Privilege(s) of the existing user(s) selected will instantly load in the Set Privilege section. For any privilege conflicts, load preference is given to Deny > Allow > Revoke. |
| Load Privilege by Roles | Privilege(s) of the existing role(s) selected will instantly load in the Set Privilege section. For any privilege conflicts, load preference is given to Deny > Allow > Revoke. |
| Description | Optional description can be provided. |
Set Privilege
Select and set the role privilege(s), or instantly load privilege(s) of the existing role(s) and user(s) with configuration options explained above. Possible options to set privileges are:
Revoke: Set by default. User(s) assigned with this role will not be able to perform the revoked action(s).
Allow: User(s) assigned with this role will be able to perform the allowed action(s) unrestricted.
Deny: User(s) assigned with this role will not be able to perform the denied action(s).
Revoke and Allow can be changed to any other privilege as required (by providing direct privilege) when the existing roles are later mapped to user(s). But, Deny privilege(s) strictly remain unchanged.
| Workspace | If the role privileges are customized in the Set Privilege section, then the privilege settings for features: Summary, Audit, Project, Cluster, Register Image and Connections can be done in the Workspace section. |
| Project | If the role privileges are customized in the Set Privilege section, then the privilege settings for features: Template, Models, Register Entities, Instances, Data Validation, Workflow, Version Control, Import Export Entities, Sandbox, Pipeline, Compute Environment, Processor Group, Dataset and Applications can be done in the Project section. |
Once the required privilege assignment is done for the new role, click on the CREATE option to register the role in Gathr.
Users
This tab contains the list of the users that are registered with Gathr.
The options available on this tab will be different for LDAP configured user management. The description clearly states the options that will be only visible when Gathr Metastore configuration is used for user management.
Listing Page
The information and actions displayed on the Users listing page are explained below:
| Field | Description |
|---|---|
| Name | Name of the existing user. |
| Workspace Name | Name of the workspace for which the user is assigned. |
| Email Id | The registered email id of the user. Note: Only applicable for Gathr Metastore configuration. |
| Assigned Roles | Type of role that is assigned to the user. |
| Actions | The actions that can be performed are: l Enable/disable user l Edit user details l Edit assigned privileges l Delete user Note: Only applicable for Gathr Metastore configuration. |
Add Users
The superuser can create new users using the New User option given on the top right side of the Users tab.
The configuration details for creation of a new user are described in the table given below:
New User
The new user configuration section is divided in two parts, namely, Add Roles and Add Users. The configuration options for both parts are explained below.
Add Roles
This is an optional part.
If the new user has to be assigned with any of the existing roles, it is possible to do so with Add Roles option.
| Field | Description |
|---|---|
| Select Roles | Privilege(s) of the role(s) selected will instantly load in the Set Privilege section. For any privilege conflicts, load preference is given to Deny > Allow > Revoke. Deny privilege(s) strictly remain unchanged, whereas any additional privilege changes will appear as ‘Direct Privileges’. |
Set Privilege
Revoke: Set by default. User(s) assigned with this role will not be able to perform the revoked action(s).
Allow: User(s) assigned with this role will be able to perform the allowed action(s) unrestricted.
Deny: User(s) assigned with this role will not be able to perform the denied action(s).
| Workspace | The role privileges for features: Summary, Audit, Project, Register Image and Connections will be visible in the Workspace section. |
| Project | The role privileges for features: Models, Register Entities, Data Validation, Workflow, Version Control, Import Export Entities, Sandbox, Pipeline, Processor Group, Compute Environment, Dataset and Applications will be visible in the Project section. |
Add User
Users selected will get assigned with the privilege(s), if configured in the Add Roles page.
| User Name | Unique name for the new user must be provided. |
| Email Id | Email Id of the new user must be provided. |
| Password | Password for the new user must be provided. |
| Confirm Password | Re-type the password. |
| Language | Choose the language, from English (US) and German (DE). |
| Configure Artifactory | The user can configure artifactory by checkmarking the checkbox. Provide Artifactory URL, Username and Password. |
Once the required configuration is done for the new user, click on the CREATE option to register the user in Gathr.
If you have any feedback on Gathr documentation, please email us!