I'm trying to update my repository permissions so that just developers in my team have access.
For 'Scoped' access it just lists 'Project Areas' :
Is it possible to select a 'Team Area' instead to restrict access to just developers in that team ?
You have all the possible access management restrictions detailed in "Controlling access to source control in Rational Team Control".
What you describe isn't possible for Repository workspace.
It is possible (with RTC4+ only) to restrict work items for a certain team area.
You can also look into stream ownership.
But regarding your own repo workspace, you can only limit it to member of project area, not of a team area.
Related
I'm trying to setup customer access to some of my BigQuery data. I'll start off with my requirements, then what I think the solution needs to be, though I'm not sure how to execute.
Requirements
Separate billing per customer for queries
I don't want to make my dataset public
Read only access to specific datasets
Accessible via Excel connector
No access rights to my main project
They manage their own access privileges, I don't want to have to add and remove individual users from direct dataset access on behalf of all our clients.
Nice to have - Web UI access
What I've Done
Created a new Google Developer Project
Added a view-only user on that project
Added a service account
Granted access to my BigQuery dataset to the service account
Here are the options for granting dataset access from the documentation:
I imagine that I need to setup some sort of special group, but I can't figure out how to do it.
Thanks in advance!
In BigQuery there are two different concepts:
The first one is billing (for queries and any other billable
activity) that is linked with a Google Cloud Project.
The second one is access to a dataset.
Having said that, to fulfil your requirements you'd create a separate project for each of the customers, and grant access to the datasets in the granularity that you would want.
That way you would have the costs for each of the projects separated but billed to you. Be careful to give them only read access to the project, unless you want them to be able to create other services like VM or deploy GAE apps, as they'd be billed to you as well.
For example dataset [MyDatasetA] to users X and Y in projects Project1 and Project2, but access to [MyDatasetB] to users Y and Z in projects Project2 and Project3.
Thus, each project is accountable for the queries their users run, and you have your access control on each dataset without it being public.
Separate billing per customer for queries. Done with the independent projects.
I don't want to make my dataset public. Done with fine grained control access.
Read only access to specific datasets. Same as above.
Accessible via Excel connector. It should work without problems as they'd be first class BQ users.
No access rights to my main project. Again possible if they are restricted to their own projects.
They manage their own access privileges. This is trickier. I think they'd need more than read access to the datasets or more than read access to the projects to be able to add new users, if you use the project groups as access control.
Nice to have - Web UI access. Check out https://bigquery.cloud.google.com/
The project groups are groups that allow to select members with Viewer, Developer or Owner roles in one click, without the hassle of adding each member manually.
You get already three groups set-up for you to use: Viewers, Editors and Owners of the original project.
But you may create your own Google Groups and give those groups the permission you want.
The hint when doing so, is that new users will usually need to Display your project so that it appears in the BQ online browser. This is done by clicking on the arrow to the side of the project name in the BQ online browser followed by Switch to project then Display project with the project name that the Dataset belongs to.
Edit: Improved the explanation about Group access
I would like to know how to create different (multiple) repositories in Pentaho Enterprise version.
Below are some points which I would like to add.
1. Different repositories for different users, so one user cant access the other users transformations and jobs.
2. One user cant access the DB connections of other users in different repositories.
My main concern is I want logic here is for security reasons. One user cant access or update other users created transformation.
Is this possible? Please help me on this.
Thanks for all in advance.
This is exactly how my repos are set up. I use database repos on PostgreSQL for all my users. To create a new repo, just click the green + button at the top right of the Repository Connection dialog.
To keep users out of each others sandboxes, I create a different schema for each user and assign DB permissions accordingly. Note, the schema has to be created before you create the repo. Of course I'm DB superuser so I can get into all their repos.
When you create a connection for a repo, go to the advanced tab and specify that user's schema in the 'Preferred schema name' box. Note, this connection will not appear in your list of connections stored in the repo; it's in the repositories.xml file in the .kettle directory. I also created a template xml file that I can tweak give out to anyone who comes on board as a developer. That way they only see their repo in the connection dialog, but my repositories.xml has all of their repos.
You can do this with file based repos as well, but of course you'd handle permissions through the file system rather than the DB.
It's also true that repos can have multiple users. I use this feature when members of the same group need to share transforms. For example the Data Warehouse group is all in one repo, but each has their own directory; the other group has their own repo, etc.
I am not sure ,that you can create multiple instatnce of same repository , but
i sugest you can use single repository with different user and with
different user level permissions
You concerns can be re-solved based on user level permission on repo
our organization has been using SAS BI Dashboard for several months now for internal use within our own organization. Now, we are working on a project where roughly 100 people in other, outside organizations will need to log on to our BI Dashboard site to view an individualized dashboard for their organization. We plan to use row-level permissions in an Information Map to control who is allowed to see what in terms of the data behind the dashboard indicators.
How would you recommend creating roughly 100 individual log-ons for outside users?
Is there a way to automate the process rather than manually creating all the accounts?
If I create the log-on name and password for each outside user, how/where would I store that in Management Console?
Any help would be appreciated - our office is small enough that we do not have a dedicated IT person or fully-trained SAS administrator, so I'm in over my head. Thanks!
As an ex SAS consultant, I can tell you briefly how I have solved this problem.
First, creating the users in batch should be easy. There are tons of scripts out there that will teach you this. I would recommend to create them in your LDAP server (probably Active Directory), to have them in a central place. That way, you can treat them the same way as you do the internal users.
To get them into the metadataserver, you should take a look at the macros that SAS provides for this:
The following macros are the core components used to import and synchronize user accounts from Active Directory to SAS metadata: %MDUIMPC , %MDUIMPLB , %MDUEXTR , %MDUCMP , %MDUCHGV , %MDUCHGLB. They are located in the following directory: [SAS Home]\SASFoundation\9.3\core\sasmacro.
This SGF proceeding will give you a practical description of the process:
http://support.sas.com/resources/papers/proceedings12/377-2012.pdf
As for the question you did not ask, "how to present the BI Dashboard webapplication to the external users". You need to set up a reverse proxy web server in a secure zone (DMZ). See this document for details: http://support.sas.com/resources/thirdpartysupport/v92m3/appservers/ApacheProxyJBoss.pdf
Hope this helps!
Stig
I have created a custom report and it shows up on my "Reports" tab. How can I make this public to everyone in the project so that they can see it in their workspace?
There isn't a way to share it with only a subset of users. What we often do for custom apps that are only useful for a small subset of users is have the admin share it, then have the subset of users copy it and then have the admin un-share it. Note, we resort to this solution to save the limited number of shared dashboards we have to apps and reports that are relevant to all teams. The problem with this solution is it makes it challenging to upgrade the app with new features. Nonetheless, I thought I would mention as an option if you are limited to the number of shared dashboards.
In order to share the app with other users you need workspace or subscription admin privileges.
https://prod.help.rallydev.com/create-custom-pages#share
I'm looking for an enterprise solution similar to Dropbox to share files across an organization. Ideally it should support:
Granular sharing of folders (specify group or individual users per group). We don't want GBs and GBs of data to be replicated to everyone. Each person should be synced to what they need exactly, but a hierarchy needs to be maintained in the folders.
Allow management from a centralized 'admin'
Possible integration to existing domain.
Any ideas?