User management
This article describes users, groups, roles, and permissions management in Dataedo Portal in detail.
Users
The Dataedo Portal lets you easily add, edit or remove users. Navigate to the User Management view from Settings > User Management. You can view all users who already have access to your Dataedo Portal in the Active Users table.
Adding a user
To add a new user press the Add User button and provide their desired Login and Display name.
Please note that the Dataedo Portal will not ask for a User password at any step, as user authentication is handled through separate systems. Find out more about the login flow in the Accessing Dataedo Portal article.
Managing a user
The details button lets you access and manage user details.
The Details view contains two tabs. Within Settings you can edit basic information and quickly assign groups. Permissions let you manage user's access levels. You can find more on Permissions and Groups in later sections of this article.
Deleting a user
You can delete a user through either the Active Users table or the User Details view. You will have to confirm this action in a popup.
When a user is deleted, their name is anonymized, but their information persists in the database, so content created by the user (like comments) remains available.
Deleted users can no longer log in. Since user deletion is a soft-delete process, you can reverse it by altering the deleted column in the dbo.licenses table.
Restoring a user
Starting from Dataedo 10.3.2, you can restore users using the Deleted Users table.
In older versions, you can use the following command to restore a deleted user:
UPDATE [dbo].[licenses]
SET [email] = '[email protected]', --Email address used for notifications
[name] = 'Display Name', --Name displayed on comments created in Dataedo Portal
[deleted] = 'false' --do not change this value
WHERE [login] = 'login'; --Login used to access (SQL login, AD name (including domain), or email address if using SAML
Using two accounts
When the same person is working with both the Dataedo Desktop and Dataedo Portal, it is possible that they will have two separate user accounts. For instance, an Online Account for Dataedo Desktop and an OKTA account for Dataedo Portal.
Groups
Groups mirror company structure and are meant to make permissions management easier. For example, instead of assigning the "Editor" Role to users one by one, you can group all editors into one group and assign permissions to it.
Adding a Group
The Groups table lets you add a new Group or edit an existing one.
Managing a Group
When editing a Group, you can use the Settings tab to edit basic details like the Group's name or whether new users should be assigned to it by default.
The Permissions tab lets you edit Group permissions. Permissions are explained in more detail later on in this article.
The Users tab lets you quickly assign Users to a Group.
Default group
When creating or editing a Group you can toggle "Automatically assign group to each new user" on. This sets it as a Default Group. You can have multiple Default Groups set up simultaneously.
During user creation, the user is automatically assigned to all Default Groups.
Deleting a group
Deleting a group requires confirmation in a popup.
When you confirm:
- all assigned users loose permissions inherited from this group
- the group with all its settings is irreversibly deleted
Roles
A Role is a named set of actions that a User can perform. Dataedo offers a set of predefined roles, which you can review in this article.
Permissions
A Permission is a role assigned to an entity (User or Group) in some context (Repository or Database).
Examples of permissions are:
- John Doe has an Admin role in SQL Server DB 1.
- Analysts Group has an Editor role in Oracle Documentation.
- Viewers Groups have a Viewer role for the whole Repository.
Assigning permissions
You can give permissions to both users and groups through a very similar UI. First navigate to the relevant tab ("Roles" for Users, "Permissions" for Groups) and press Add Role. You can then use the Role field to specify the level of permissions and the Scope field to define where they should apply (it can be global or affect only certain repositories).
In the image below the role of a Connection Manager with a global scope is assigned to the "Test" Group. As a result, all users assigned to "Test" will have Connection Manager permissions in your entire repository.
Inheriting permissions
Users inherit all permissions from all Groups they are in.
In other words, User's permissions are a summary of all their personal permissions and permissions inherited from their Groups. You can view a summary of all permissions in Users' Details.
Auditing database
You can also check permissions from a data source perspective. Open the Permissions tab from the database page to view all users with their access levels.
