2. Users and Groups


In this section, you will learn:


User roles

The way you add users to Connect will depend on the authentication mechanism your environment is configured with, the Admin Guide has steps for each supported authentication integration. All users on Connect will have one of three roles:

  • Administrator

  • Publisher

  • Viewer

Below you’ll see the default capabilities of each role:

Administrator Publisher Viewer Configurable?
Typical Persona IT System Administrator, Data Science Leader Data Scientist, Analyst Business User
Can add users, set user roles, and manage groups It is possible to allow publishers to add users and own groups.
Publish Content to the Server It is possible to restrict publishing to admins.
View Content on the Server ✅ (when content permissions grant them access) ✅ (when content permissions grant them access) ✅ (when content permissions grant them access)
Create tags
Manage Content settings (e.g. manage permissions for views & collaborators, Add tags, change runtime settings) ✅ (All content, actions audited when content permissions overridden) ✅ (Content they publish or collaborate on)
Set Vanity URL for content, change RunAs setting for content It is possible to allow publishers or collaborators to set Vanity URLs on their content
See a list of existing users It is possible to restrict viewers from seeing a list of users

User Management

Users can be managed from the user interface, from the Connect API and from the usermanager CLI tool. Certain actions like user deletion can only be done using the CLI tool.

When a user leaves the organization or no longer needs access to Connect it is recommended that you lock that user’s account, so that the individual is no longer able to access Connect. A locked user does not count towards your Named User license count. Locking a user also does not remove or alter content deployed by that user, so content that others depend on remains operational.

You can also delete a user account from Connect using the usermanager CLI tool, this will delete all content and groups owned by that user, and will leave any audit information associated with that user without a reference.

Connect API

The Connect API can do several user management tasks including listing, creating, updating and locking user accounts. Refer to the Users section of the API documentation for more details on the endpoints available.

To learn more about managing users using the Connect API refer to the Connect API Cookbook Users Section.

usermanager CLI

The usermanager CLI tool can do several user management tasks including listing users, deleting a user account, or transferring content ownership between users. This tool can be used while Connect is up and running if you are using a PostgreSQL database but the service must be stopped if you are using an SQLite database to support the service.

Group Management

Groups can be used to grant viewer or collaborator access to content. Groups can be managed either locally in Connect or remotely via your authentication provider.

Local groups are configured by admins in the People tab of Connect user interface or by using the Connect API. Remote groups from a supported authentication provider can also be added in the People tab, the group information for a user will be updated when a user logs in.

To learn more about managing groups using the Connect API refer to the Connect API Cookbook Groups Section.

Exercise

Tip

🚀 Launch the exercise environment!

In the exercise environment you will get experience:

  • Exploring user and group permissions
  • Locking and deleting a user
  • Transferring content between users
  • Creating a group and adding a user
  • Assigning permissions for a group for a piece of content

Go to: 3. Publishing Content

Back to top