Forum

Kognitio Console issues, advice, etc.
Contributor
Offline
Posts: 184
Joined: Wed May 29, 2013 2:10 pm
Location: Bracknell

Creating Groups and Users with Console

by MikeAtkinson » Tue Jun 28, 2016 10:24 am

Privileges in Kognitio are additive and are inherited by users from the groups they are a member of. It is best to assign privileges to groups, then add users to those groups so that they can inherit the group privileges.

So for each project or workgroup create a group, then assign users to those projects and workgroups they take part in. If a user changes project it is easy to remove them from one project and add them to another."

You may also want to give each user their own private schema as a work area. Then schema and schema-wide privileges for that may be assigned directly to the user.

Create users

To create a new user, "Mike" in this example, right-click on the Users item in the metadata tree, select "New User ..." and enter the data for the user into the New User dialog.

Image

User MIKE has been given a private work area the schema also called MIKE, but it does not have privileges to access that schema. So we need to give it some.

Double-click on the user (in this example MIKE) to bring up the Object View for that user. Then single click on the object to assign privileges to (in this case the schema MIKE). Open up the metadata tree "Privileges" item and the available privileges for that object will be opened and enabled. Drag and Drop the desired privilege(s) to the "Privileges" area, then click "Save Changes" to perform the action(s). In the example all schema and all table schema-wide privileges have been added.

Image

The Actions tab of the Logs pane will show the SQL executed to perform these actions, in this case:

Code: Select all

create user mike password "ch4ng3m3" sec_class DEFAULT default schema mike;
grant  all on schema MIKE to mike;
grant  all on every table in schema MIKE to mike;
Users may now access their private schema:

Image

Repeat for all users.

Create groups

As an example we create a new group for a project, called it PROJECT_ALPHA. Right click on the Groups item in the metadata tree, select "New Group ..." and enter the data for the user into the New Group dialog.

Image

Now double click on the PROJECT_ALPHA item in the metadata tree, which brings up the Group Object View for PROJECT_ALPHA. We need to add the "Mike" user to this group which may be done by dragging it to the "Users" area of the PROJECT_ALPHA object view and clicking "Save Changes".

Image

Also created is a schema "ALPHA" which will be used as the PROJECT_ALPHA work area.

Image


Add privileges to the group

Now privileges need to be added to the group PROJECT_ALPHA to access the ALPHA schema. Do this by double-clicking on the PROJECT_ALPHA group to bring up the Object View, then single clicking on the ALPHA schema. Open up the metadata tree "Privileges" item and the available privileges for that object will be opened and enabled. Drag and Drop the desired privilege(s) to the "Privileges" area, then click "Save Changes" to perform the action(s). In the example the group has been given limited rights to view the schema, external scripts and tables in the schema and to select from the tables in the schema, execute scripts in the schema and create temporary tables.

Image

The Actions tab of the Logs pane shows the SQL executed to make these changes:

Code: Select all

grant  create temporary table on schema ALPHA to project_alpha;
grant  view on every external script in schema ALPHA to project_alpha;
grant  view on every table in schema ALPHA to project_alpha;
grant  view on schema ALPHA to project_alpha;
grant  execute on every external script in schema ALPHA to project_alpha;
grant  select on every table in schema ALPHA to project_alpha;
Note: privileges may also be assigned to users, but it is almost always better to assign privileges to a group and then make the users members of that group (except for a user private work area as shown above).
Reply with quote Top

Who is online

Users browsing this forum: No registered users and 1 guest

cron