Managing user permissions with permission groups - Amazon FinSpace

Important

Amazon FinSpace Dataset Browser will be discontinued on November 29, 2024. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights will not be affected. For more information, review the FAQ or contact AWS Support to assist with your transition.

Note

To create and manage permission groups, you must be a superuser or a member of a group with the necessary permission: Manage Users and Permission Groups.

You can create permission groups inside Amazon FinSpace so that you do not have to manage permissions individually. Permissions are not assigned directly to a user. Instead, a permission group is created with the appropriate permissions, and the user is assigned to that permission group.


                  A screenshot that shows the permission group list.

Permissions

Permissions are assigned to permission groups and not to users. There are two kinds of permissions in FinSpace: application permissions and dataset permissions. Application permissions are assigned to a permission group when creating or editing it (for example, create datasets). Dataset permissions are assigned on a per-dataset basis when associating a permission group with a dataset (for example, read a view in a dataset).

Warning

When assigning application permissions, be aware that the permission Manage Users and Permission Groups allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.

Supported application permissions

| Permission | Description |
| --- | --- |
| Create Datasets | Group members can create new datasets in FinSpace or via the FinSpace API |
| Manage Categories and Controlled Vocabularies | Group members can create, edit and delete categories and controlled vocabularies |
| Manage Clusters | Group members will have permissions to manage clusters in FinSpace notebooks |
| Manage Users and Permission Groups | Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users. |
| Manage Attribute Sets | Group members will have a menu option to manage Attribute Sets |
| Manage Attribute Sets | Group members can create, edit and delete attribute sets |
| View Audit Data | Group members can view audit data |
| Access Notebooks | Group members will have access to the FinSpace notebooks |
| Get Temporary Credentials | Group members will be able to get temporary API credentials |
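Because permissions reach users only through group membership, a periodic review has to resolve each user's effective permissions and trace who holds Manage Users and Permission Groups, and through which group. The following is an added example, not code from the FinSpace documentation or API: the group names, user names and the trusted list are constructed sample data, and permissions are identified by the display names used on this page.

```python
from collections import defaultdict

# Display name of the privileged permission, as listed on this page.
PRIVILEGED = "Manage Users and Permission Groups"

# Constructed sample data (hypothetical groups and users), not real FinSpace output.
GROUPS = [
    {"name": "Analysts", "permissions": {"Access Notebooks", "Get Temporary Credentials"},
     "members": {"alice", "bob"}},
    {"name": "Data Stewards", "permissions": {"Create Datasets", "Manage Attribute Sets"},
     "members": {"bob", "carol"}},
    {"name": "Platform Admins", "permissions": {PRIVILEGED, "View Audit Data"},
     "members": {"dave"}},
    {"name": "Onboarding", "permissions": {PRIVILEGED}, "members": {"alice"}},
]

def effective_permissions(groups):
    """Union of application permissions each user holds through group membership."""
    perms = defaultdict(set)
    for g in groups:
        for user in g["members"]:
            perms[user] |= g["permissions"]
    return dict(perms)

def privileged_paths(groups):
    """Map each user who holds the privileged permission to the groups granting it."""
    paths = defaultdict(list)
    for g in groups:
        if PRIVILEGED in g["permissions"]:
            for user in g["members"]:
                paths[user].append(g["name"])
    return {u: sorted(names) for u, names in paths.items()}

def review(groups, trusted):
    """Return users who hold the privileged permission but are not on the trusted list."""
    return {u: g for u, g in privileged_paths(groups).items() if u not in trusted}

if __name__ == "__main__":
    for user, perms in sorted(effective_permissions(GROUPS).items()):
        print(user, sorted(perms))
    print("needs review:", review(GROUPS, trusted={"dave"}))
```

A user flagged by `review` should be treated as able to reach every application permission, whatever their other groups grant, since the privileged permission lets them change group membership and permissions.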

Supported dataset permissions

When a user creates a dataset, all other members of the same permission group inherit access to the dataset. The members can grant other permission groups access to the dataset and specify the actions that those groups can take on it. Users can only create a dataset if their permission group has the application permission Create Datasets.

| Permission | Description |
| --- | --- |
| View Dataset Details | Group members can view dataset details |
| Read Dataset Data | Group members can read the data files, such as data views, provided on S3 for Spark, notebooks, and access from outside FinSpace |
| Add Dataset Data | Group members can add new data files to this dataset to create a dataset update |
| Create View | Group members can create new data or file views on this dataset via the web UI or API |
| Edit Dataset Metadata | Group members will have permission to edit dataset metadata, including permission to add additional attribute sets |
| Manage Permissions | Group members can view and edit this dataset's permissions |
| Delete Dataset | Group members can remove the dataset, including all data and data views |

Creating and adding a user to the group

To create a permission group and add a new user to it
  1. Sign in to the FinSpace web application. For more information, see Signing in to the Amazon FinSpace web application.

  2. On the left navigation bar of the home page, choose Users and Groups.

  3. On the Users and Permission Groups page, choose Create Permission Group.

  4. On the Create Permission Group page, enter the name and description for the permission group and select appropriate permissions for the group.

  5. Choose Create. A new group is created with selected permissions.

    
                           A screenshot that shows the analyst permissions group.
  6. Choose Add User to This Group.

  7. On the dialog box, select a user to add to this group.

  8. Choose Add. A new user is now added to the group.

List all permission groups

To list all created permission groups
  1. Sign in to the FinSpace web application. For more information, see Signing in to the Amazon FinSpace web application.

  2. On the left navigation bar of the home page, choose Users and Groups.

  3. Choose the Permission Groups tab. A list of all the permission groups is displayed in the table.

Delete a permission group

To delete a permission group
  1. Sign in to the FinSpace web application. For more information, see Signing in to the Amazon FinSpace web application.

  2. On the left navigation bar of the home page, choose Users and Groups.

  3. Choose the Permission Groups tab.

  4. From the list, select a group and choose the more (vertical ellipsis) icon.

  5. Choose Remove Group.

    
                           A screenshot that shows the remove permission group drop
                              down.
  6. In the dialog box that appears, choose Remove.