When a user creates a new dataset, that dataset is private by default. To share, user must explicitly grant others access to the new dataset.
In principal, anyone with Manage roles and users privileges can grant dataset access to others. However, we choose to restrict this privilege to a small number of people in the organization, typically system administrators. This is because role editing is very powerful and role editors have full access to the entire system and can update any role to grant any permission to any user.
As a result, most dataset creators do not ordinarily have the Manage roles and users permission, and must place a service request so that system administrators add new datasets to the desired roles. In large organizations with multiple teams that consist of users with different responsibilities (dataset creators, dashboard creators, and dashboard viewers), access management becomes a laborious task.
Our RBAC security approach gives dataset creators an opportunity to 'publish' or share their datasets through a set of grants based on roles. They can grant access to specific roles though the Grant manage dataset, Grant manage dashboards, and Grant view dashboards permissions.
The following workflow is established to ensure that dataset creators can grant access to their datasets without having to rely on system administrators.
Before a dataset creator, Data Admin, can publish a dataset, they must have appropriate RBAC permissions, and the roles have to be assigned correctly to the members of each team. To understand how to configure the required permissions, roles, groups, and users, read RBAC setup for dataset publishing, which contains the following topics:
Setting the dataset recipient roles
Setting the dataset publisher role
Defining groups for teams and access levels
Assigning groups to roles
Assign users to groups
After making all necessary adjustments to the dataset, a user with a Data Admin role can publish the dataset.
Follow these steps to publish a dataset to the intended users.
- Log in as a user with Data Admin privileges. Here, we log in as user John_Marketing.
- Navigate to the dataset you plan to publish. In our case, we plan to publish the Modified Iris Data dataset.
Click the Permissions option in the left navigation.
At this stage, the Permissions interface for the Modified Iris Data dataset appears. In this example, it contains the default matrix for roles and privileges for the three Data Admin roles for All datasets on the Arcadia Enterprise connection (Manage dataset, Manage dashboards, and View dashboards).
You can publish the dataset through one of the following actions:
Option Description Publish Makes the dataset publicly visible to the already enabled roles. You can stop here. Edit Permissions Allows the user to grant additional access permissions on the dataset. This is only available to users with Role permissions. If you choose this option, continue to the next step.
Click Edit Permissions.
The fuller Permissions matrix appears.
To grant the available privileges to the Modified Iris Data to the Marketing
group, click the check boxes for the appropriate grants for the Data Admin, Analyst, and
Visual Consumer roles defined in the Marketing group.
In this example, we granted all possible privileges. However, it is feasible that you may initially select only the Data Admin role, to involve others who have that role in testing the dataset and building preliminary dashboards. You can subsequently use this interface to grant access to other roles and users, such as Analysts who build more sophisticated dashboards, and postpone Visual Consumer access to a later time.
This action makes the dataset available to all specified roles.
Note that all permissions on the dataset are active, and the dataset is published.