Skip to content

Management of Users, Authorizations, Groups, and Permissions

Audience: System Administrators

Content Summary: System Administrators are responsible for managing users and their permissions, authorizations, and groups. This page defines and explains how permissions, authorizations, and groups work in Immuta.

Permissions

Permissions are a system-level mechanism that control what actions a user is allowed to take. These are applied to both the API and UI actions. Permissions can be added to any user by a System Administrator (any user with the ADMIN permission), but the permissions themselves are managed by Immuta and cannot be added or removed in the Immuta UI; however, custom permissions can be created in the Immuta Configuration Builder.

Permission Details

  • CREATE_DATA_SOURCE: Gives the user the ability to create data sources.
  • CREATE_PROJECT: Gives the user the ability to create projects.
  • ADMIN: Gives the user access to administrative actions. These include:
  • AUDIT: Gives the user access to the audit logs.
  • GOVERNANCE: Gives the user the ability to act as a Governor.
  • IMPERSONATE_HDFS_USER: When creating an HDFS data source, this allows the user to enter any HDFS username to access data.
  • CREATE_S3_DATASOURCE_WITH_INSTANCE_ROLE: When creating an S3 data source, this allows the user to the handler to assume an AWS role when ingesting data.

Authorizations

Authorizations are custom tags that can be added to a user to restrict what data the user can see. When creating a policy on a data source, you can apply the policy to any user that possesses an authorization. Authorizations can be added manually as well as mapped in from LDAP or Active Directory.

Groups

Groups function similarly to those in Active Directory and LDAP, allowing System Administrators to group a set of users together. Users can belong to any number of groups and can be added or removed from groups at any time. Similar to authorizations, groups can be used to restrict what data a set of users has access to. When creating a policy on a data source, you can apply the policy to a group, which would affect any user that belongs to the said group. Permissions cannot be applied to groups.