Recent Improvements to User/Group Management and Fine-Grained Access Control in DataHub
Ingesting Users and Groups into DataHub just got easier
During the August 2021 Community Town Hall, John Joyce from Acryl Data gave us a look into proactive and just-in-time user provisioning.
DataHub now supports proactive batch ingestion with Okta & Azure AD, allowing you to leverage your existing user identity stores & bring them into the platform.
What other identity providers would you like to see supported? Send us your requests here!
As your user base grows over time, you can now leverage just-in-time user & group provisioning: when a user logs in using OIDC, DataHub will check to see if the user exists using the unique name provided by the identity provider. If the user does not exist, a new account will be provisioned automatically. This functionality is enabled by default beginning with v.0.8.11; you can disable it at any time in the frontend container.

Just-In-Time Provisioning (w/OIDC)
Within the DataHub UI, we have now made Groups searchable; Group members now appear on the Group page to make it easy to understand which users are included.
In the near future, we are planning to introduce a User & Group management portal in the DataHub UI & associated Onboarding Guide to allow admins to:
- Create and Remove groups
- Manage group membership
- Activate & deactivate users
Manage Fine-Grained Access Control with Policies
The Acryl Data team began working on fine-grained permissioning in Summer 2021 in response to strong community interest in controlling which users could access what metadata.
Starting with v.0.8.11, admins can now create new Policies to define who can perform what action against which resource(s).
When you create a new Policy, you will be able to define the following:
Policy Type
- Platform — top-level DataHub Platform privileges, i.e. managing users, groups, and policies
- Metadata — ability to manipulate ownership, tags, documentation, & more

Metadata Policy Configuration
Resource Type
- Specify the type of resource, such as Datasets, Dashboards, Pipelines, etc.
Specific Resource(s)
- If relevant, you can restrict permission to a specific resource or set of resources within that type
Privileges
- Choose the set of permissions, such as Edit Owners, Edit Documentation, Edit Links

Metadata Policy Privileges
Users and/or Groups
- Assign relevant Users and/or Groups; you can also assign the Policy to Resource Owners, regardless of which Group they belong to

Metadata Policy User & Groups
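
To make the Metadata Policy options above concrete, here is a small default-deny evaluator. It is an added illustration, not DataHub's implementation or API: the class names, field names, and sample users, groups and resources are all hypothetical, and Platform policies are not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Hypothetical field names mirroring the options listed above.
    resource_type: str                   # e.g. "Datasets"
    privileges: frozenset                # e.g. {"Edit Owners"}
    resources: frozenset = frozenset()   # empty = every resource of that type
    users: frozenset = frozenset()
    groups: frozenset = frozenset()
    resource_owners: bool = False        # also applies to owners of the resource

@dataclass(frozen=True)
class Request:
    user: str
    user_groups: frozenset
    privilege: str
    resource_type: str
    resource: str
    owners: frozenset                    # owners recorded on the target resource

def policy_allows(p: Policy, r: Request) -> bool:
    # What: resource type and privilege must both match.
    if p.resource_type != r.resource_type or r.privilege not in p.privileges:
        return False
    # Which: an explicit resource list narrows the policy to those resources.
    if p.resources and r.resource not in p.resources:
        return False
    # Who: a named user, a member of a named group, or an owner of the resource.
    if r.user in p.users or p.groups & r.user_groups:
        return True
    return p.resource_owners and r.user in r.owners

def is_authorized(policies, r: Request) -> bool:
    # Default deny: an action is allowed only if some policy grants it.
    return any(policy_allows(p, r) for p in policies)

# Constructed sample policies (not taken from any real deployment).
POLICIES = [
    Policy("Datasets", frozenset({"Edit Documentation", "Edit Links"}),
           groups=frozenset({"data-stewards"})),
    Policy("Datasets", frozenset({"Edit Owners"}), resource_owners=True),
    Policy("Dashboards", frozenset({"Edit Owners"}),
           resources=frozenset({"revenue-dashboard"}), users=frozenset({"alice"})),
]

if __name__ == "__main__":
    req = Request("bob", frozenset({"data-stewards"}), "Edit Owners",
                  "Datasets", "orders", frozenset({"carol"}))
    print("bob may edit owners of 'orders':", is_authorized(POLICIES, req))
```

When reviewing real policies, the combinations to check first are the broad ones: an empty resource list together with a large group grants the privilege on every resource of that type.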
Kick the tires by creating a sample Policy on the DataHub Demo site!
See the full presentations from the August Community Town Hall below!