Publishing datasets
When a user creates a new dataset, that dataset is private by default. To share, user must explicitly grant others access to the new dataset.
In principal, anyone with Manage roles and users privileges can grant dataset access to others. However, we choose to restrict this privilege to a small number of people in the organization, typically system administrators. This is because role editing is very powerful and role editors have full access to the entire system and can update any role to grant any permission to any user.
As a result, most dataset creators do not ordinarily have the Manage roles and users permission, and must place a service request so that system administrators add new datasets to the desired roles. In large organizations with multiple teams that consist of users with different responsibilities (dataset creators, dashboard creators, and dashboard viewers), access management becomes a laborious task.
Our RBAC security approach gives dataset creators an opportunity to 'publish' or share their datasets through a set of grants based on roles. They can grant access to specific roles though the Grant manage dataset, Grant manage dashboards, and Grant view dashboards permissions.
The following workflow is established to ensure that dataset creators can grant access to their datasets without having to rely on system administrators.
Before a dataset creator, Data Admin, can publish a dataset, they must have appropriate RBAC permissions, and the roles have to be assigned correctly to the members of each team. To understand how to configure the required permissions, roles, groups, and users, read RBAC setup for dataset publishing, which contains the following topics:
-
Setting the dataset recipient roles
-
Setting the dataset publisher role
-
Defining groups for teams and access levels
-
Assigning groups to roles
-
Assign users to groups
After making all necessary adjustments to the dataset, a user with a Data Admin role can publish the dataset.
Follow these steps to publish a dataset to the intended users.