Cloudera Docs

Setting the dataset publisher role

For the sake of this discussion, members of the Dataset Publisher Role have the privileges to grant dataset access to other users. This access is available in three forms:

  • Grant manage dataset
  • Grant manage dashboards
  • Grant view dashboards

The granter must have the Grant manage dataset permissions on the target dataset.

We already created three (3) dataset publishing roles (data admins) in Setting the dataset recipient roles, one each for the three organization groups: Marketing, Sales, and Operations. These are Marketing Data Admin, Sales Data Admin, and Operations Data Admin, respectively. We also created the roles for the recipients of the grants, the analysts and the visual consumers.

Here are the steps for specifying the role Marketing Data Admin:

  1. In the Roles interface, click either the name of the role, Marketing Data Admin, or the Edit icon on its role.
  2. In the Role Detail interface, click the Add Privilege button.

    The Add Privilege modal window appears.

  3. Create the following privilege:
  4. Under Component Type, select Role.
  5. From Roles(s), select Marketing Data Admin, a role we defined previously.

    Note that this enables individuals with the Marketing Data Admin role to grant privileges to others with the same role.

  6. Click Create.
  7. Leave this privilege with all options on, and click the Add Privilege button to add the next privilege.
  8. Under Component Type, select Role.
  9. From Roles(s), select Marketing Analyst, a role we defined previously.
  10. Click Create.
  11. Deselect the Grant manage dataset option for this privilege.

    This is because analysts should not be altering the dataset.

  12. Click the Add Privilege button to add the next privilege.
  13. Under Component Type, select Role.
  14. From Roles(s), select Marketing Visual Consumer, a role we defined previously.
  15. Click Create.
  16. Unselect the Grant manage dataset and Grant manage dashboards options for this privilege. This is because visual consumers can only view dashboards, and should not be altering the dataset or creating new dashboards. Therefore, this line contains only the Grant view dashboards option.
  17. Click the Add Privilege button to add the next privilege.

    This time, let us declare connection-level privileges so that the Marketing Data Admin can access connected data, build datasets, and import supplemental data. Depending on the operational structure, we may also let the users with this role manage analytical views.

  18. In the Add Privilege modal window, create the connection-level privileges necessary for the Marketing Data Admin user. This particular privilege enables access to all data available through the specified connection:
  19. Under Component Type, select Connection.
  20. From Connection(s), select Impala.
  21. Click Create.
  22. Leave this privilege with all options on (Manage analytical views, Import data, and Create datasets, explore tables).
  23. Click the Add Privilege button to add the next privilege.

    Finally, we declare dataset-level privileges. We can choose previously declared connections and limit access to a few of its datasets, or select a new connection, or choose all datasets on a connection. Here, we simply let members of the Marketing Data Admin role access all existing datasets on the Arcadia Enterprise connection.

  24. In the Add Privilege modal window, create the connection-level privileges necessary for the Marketing Data Admin user. This particular privilege enables access to all data available through the specified connection.
  25. Under Component Type, select Dataset.
  26. From Connection(s), select Arcadia Enterprise.
  27. From Dataset(s), select All datasets.
  28. Click Create.
  29. Leave this privilege with all options on (Manage dataset, Manage dashboards, and View dashboards)
  30. Click Save at the top of the page to save the new definition of the Marketing Data Admin role.
  31. Repeat the previous steps to add privileges to the roles of the Sales Data Admin and Operations Data Admin. Each of these roles should have a privilege matrix that is similar to privileges assigned to the Marketing Data Admin role.
    Table 1. Privileges assigned to the Data Admin roles
    Role Name Component Permission
    Marketing Data Admin Role: Marketing Data Admin
    • Grant manage dataset
    • Grant manage dashboards
    • Grant view dashboards
    Role: Marketing Analyst
    • Grant manage dashboards
    • Grant view dashboards
    Role: Marketing Visual Consumer
    • Grant view dashboards
    Connection: Arcadia Enterprise
    • Manage analytical views
    • Import data
    • Create datasets, explore tables
    Dataset: Arcadia Enterprise, All Datasets
    • Manage dataset
    • Manage dashboards
    • View dashboards
    Sales Data Admin Role: Sales Data Admin
    • Grant manage dataset
    • Grant manage dashboards
    • Grant view dashboards
    Role: Sales Analyst
    • Grant manage dashboards
    • Grant view dashboards
    Role: Sales Visual Consumer
    • Grant view dashboards
    Connection: Arcadia Enterprise
    • Manage analytical views
    • Import data
    • Create datasets, explore tables
    Dataset: Arcadia Enterprise, All Datasets
    • Manage dataset
    • Manage dashboards
    • View dashboards
    Operations Data Admin Role: Operations Data Admin
    • Grant manage dataset
    • Grant manage dashboards
    • Grant view dashboards
    Role: Operations Analyst
    • Grant manage dashboards
    • Grant view dashboards
    Role: Operations Visual Consumer
    • Grant view dashboards
    Connection: Arcadia Enterprise
    • Manage analytical views
    • Import data
    • Create datasets, explore tables
    Dataset: Arcadia Enterprise, All Datasets
    • Manage dataset
    • Manage dashboards
    • View dashboards

After completing these steps, the list of roles shows that the number of components on the Data Admin roles increased to 6 (six):