Managing User Permissions with User Groups - Amazon FinSpace

Managing User Permissions with User Groups

Note

Please note: In order to create and manage user groups, you must be a Superuser or a member of a group with necessary permissions - Manage Users and User Groups.

You can create user groups inside Amazon FinSpace, so you do not have manage permissions individually. Permissions are not assigned directly to a user but a user group is created with the appropriate permissions, and a user is assigned to that user group.


                  user group list

Permissions

Permissions are assigned to user groups and not to users. The are two kinds of permissions in FinSpace - application permissions and dataset permissions. Application permissions are assigned to a user group when creating or editing it (for example, create datasets). Dataset permissions are assigned on a per dataset basis when associating a user group to a dataset (for example, read a view in a dataset).

Supported application permissions

Permission Description

Create Datasets

Group members can create new datasets in FinSpace or via the FinSpace API

Manage Categories and Controlled Vocabularies

Group members can create, edit and delete categories and controlled vocabularies

Manage Clusters

Group members will have permissions to manage clusters in FinSpace notebooks

Manage Users and User Groups

Group members can manage users and user groups

Manage Attribute Sets

Group members will have menu option to manage Attribute Sets

Manage Attribute Sets

Group members can create, edit and delete attribute sets

View Audit Data

Group members can view audit data

Access Notebooks

Group members will have access to the FinSpace notebooks

Get Temporary Credentials

Group members will be able to get temporary API credentials

Supported Dataset Permissions

When a dataset is created by a user, all other members of the same user group will inherit access to the dataset. The members can permission the dataset to other user groups and specify the actions that the other groups they can take on it. Users can only create a dataset if their user group has application permission for Create Datasets.

Permission Description

View Dataset Details

Group members can view dataset details

Read Dataset Data

Group members can read the data files, such as data views, provided on S3 for Spark, notebooks, and access from outside FinSpace

Add Dataset Data

Data Group members can add new data files to this dataset to create a dataset update

Create View

Group members can create new data or file view on this dataset via the Web UI or API

Edit Dataset Metadata

Group members will have permission to edit dataset metadata including permission to add additional attribute sets

Manage Permissions

Group members can view and edit this dataset permissions

Delete Dataset

Group members can remove the dataset including all data and data views

Creating a User Group and Adding a User to the Group

Use the following procedure to create a user group and add a new user to it.

  1. From the homepage, choose the gear icon on the top right corner.

  2. Choose Users and Groups.

  3. Choose CREATE USER GROUP.

    
                           create user group
  4. Select appropriate permissions.

  5. Choose CREATE. You will be taken to the User Group page. A new group is created with permissions.

    
                           data engineer permissions
  6. Choose ADD USER TO THIS GROUP.

  7. Choose the user to add to this group from the radio buttons.

  8. Choose ADD.

  9. A new user is now added to the group.

List all user groups

Use the following procedure to list all created user groups.

  1. From the homepage, choose the gear icon on the top right corner.

  2. Choose Users and Groups.

  3. Choose the USER GROUPS tab.

Delete a user group

Use the following procedure to delete a user group.

  1. From the homepage, choose the gear icon on the top right corner.

  2. Choose Users and Groups.

  3. Choose the USER GROUPS tab.

  4. Go to the user group page to delete.

  5. Choose MORE menu on the top right corner. Choose Remove Group.

  6. Choose REMOVE.

    
                           remove user group