Forum

Kognitio Console issues, advice, etc.
Contributor
Offline
Posts: 184
Joined: Wed May 29, 2013 2:10 pm
Location: Bracknell

Creating Groups and Users with Kog Scripts

by MikeAtkinson » Tue Jun 28, 2016 12:32 pm

This example Kog Script shows how to add users and groups to Kognitio.

For this example the groups, projects and users are defined as Lua tables. In production these tables could be read from data files.

Both teams and projects are given groups, for each project there is also an admin group. Each team may be assigned a number of projects. Users which part of those teams are given privileges on those projects.

For each project one user has been granted admin rights by assigning them to the projects admin group.

Code: Select all

projects = { "alpha", "beta", "gamma", "delta" }
teams = { { "team_a", "alpha", "beta" }, { "team_b", "delta" } }
users = { { "andy", "team_a", "alpha_admin" },
          { "brenda", "team_a", },
          { "charles", "team_a", "beta_admin",  "gamma", "gamma_admin" },
          { "dave", "team_b", "delta_admin" },
          { "eve", "team_b", "gamma" },
          { "freda", "team_b", "gamma" } }
Create the projects

Code: Select all

for _,p in pairs(projects) do
    schemaname = p
    groupname = p
    adminname = p .. "_admin"
    create group $groupname;
    create group $adminname;
    create schema $schemaname;
    
    -- give minimal privileges on the schema, its tables and scripts to the group
    grant create temporary table on schema $schemaname to $groupname;
    grant view on every external script in schema $schemaname to $groupname;
    grant view on every table in schema $schemaname to $groupname;
    grant view on schema $schemaname to $groupname;
    grant execute on every external script in schema $schemaname to $groupname;
    grant select on every table in schema $schemaname to $groupname;
    
    -- give all privileges on the schema to the admin group
    grant all on schema $schemaname to $adminname;
    grant all on every table in schema $schemaname to $adminname;
    grant all on every external script in schema $schemaname to $adminname;
end
Create the team groups and assign them to projects

Code: Select all

for _,t in pairs(teams) do
    groupname   = t[1]
    create group $groupname;
    for i=2,#t do
       parentgroup = t[i]
       alter group $parentgroup add group $groupname;
    end
end
Create the users and assign them to groups

Code: Select all

for _,u in pairs(users) do
    username   = u[1]
    schemaname = u[1]
    create user $username password "ch4ng3m3" sec_class DEFAULT schema $schemaname;
    grant all on schema $username to $schemaname;
    grant all on every table in schema $username to $schemaname;
    for i=2,#u do
       g = u[i]
       alter group $g add user $username;
    end
end
This example does not set the security class to other than default or set the queue to use, both of these should be done in production systems.

Privileges for columns, connectors, external scripts, queues, script environments and to manage users and groups may also be assigned.

A more sophisticated script would read the Kognitio metadata to check if users and groups already exist, remove those that are not in the current projects/teams and users tables, remove users from groups, maybe drop the work areas of users who no longer exist, etc.
Reply with quote Top

Who is online

Users browsing this forum: No registered users and 1 guest

cron