System Administrator Learning Path Overview
Who this path is for
This learning path is for users who manage users, groups, and authorizations and for those who configure Immuta instances (including data handlers, IAMs, external catalogs, etc.) for their organizations.
In Immuta, these responsibilities are divided between two user roles: User Admins, who manage users and their attributes, and Application Admins, who manage the configuration settings for their organization.
Learning path context
Although User Admin responsibilities in the Immuta console can be boiled down to managing users, permissions, and groups and authorizations, the problem they solve within an organization is complicated: increasing flexibility while decreasing complexity and friction with data access and control.
This learning path illustrates how to manage users, permissions, and groups and authorizations, which are used to drive policies and restrict data access.
Traditional approaches to using groups for data access rarely implement user attributes in ways that make sense and reflect who the users actually are; instead, users are divided into groups, and then these groups are used to determine what data users should have access to.
In this approach, once data sources are added or controls need to change, new groups must be added and managed, which creates confusion and inefficiency because, eventually, more groups exist than data sources and users don't know what groups they need access to.
Immuta shifts this paradigm by comparing user attributes to conditions set in policies to determine data access. System Administrators create and manage these attributes, which then drive Global and Local Policies.
Before beginning the first course, consider these overarching questions:
What are your specific goals regarding data access and compliance, and how do your goals compare to your organization's goals?
How will Immuta be incorporated into your workflow?
How do you currently manage groups in your organization, and how are these groups used to restrict access to data?
What you'll be able to do
After completing this learning path, you'll be able to
- identify the differences among the roles of a User Admin, an Application Admin, and a Data Governor.
- identify the actions you can take with the USER_ADMIN and APPLICATION_ADMIN permissions.
- effectively manage groups, permissions, and authorizations to align with your organization.
- add users to and remove users from groups.
- add authorizations to and remove authorizations from users and groups.