Managing Personas and Permissions
Audience: Data Governors and System Administrators
Content Summary: This document outlines step-by-step instructions for creating users, adding permissions to a user, and removing users' permissions. For more information on user permissions, see the Personas and Permissions Overview.
- Disable Users
- Migrate Users from Another IAM
- Remove Permission from User
- Download Metrics
- Show Disabled Accounts
Compliance Requirement: Users can only interact with Dev data.
For this requirement, the User Admin should assign the GOVERNANCE permission to users on the Compliance team. This permission will allow them to create and assign tags that identify Dev, Test, and Prod data and write Global Policies that restrict data access to Dev for users.
Best Practice: Use External and Internal IAM
Use an external IAM for authentication and Immuta's internal IAM to manage attributes.
1 - Create Users
- Click the Admin icon in the left sidebar, and select the Users tab.
- Click the New User button in the top right of the page.
Click the plus button in the top left of the Immuta console.
Select the New User icon.
Fill out the Full Name and Email fields in the dialog. Note: The user's email address will be used as the username and must be unique.
Click the Create button.
2 - Add Permission to User
Click the Admin icon in the left sidebar, and select User 1 from the Users tab.
Click Add Permissions.
- Click the Select Permission dropdown, and select the GOVERNANCE permission.
- Click Close.
Now all Compliance team members have been added to Immuta, and they have the GOVERNANCE permission added in addition to the default permissions to create a project and create a data source in a project.
Click the Admin icon in the left sidebar, and then select the Users tab.
Select the user you would like to disable, and click the dropdown menu button in the upper right of the user details page.
Click Disable in the confirmation dialog.
Migrate Users from Another IAM
- Click the Admin icon in the left sidebar, and select the user from the Users tab.
Click the dropdown menu to the right of their name and select Migrate User.
Enter their username in the modal that appears and click Migrate User.
Remove Permission from User
Click the Admin icon in the left sidebar, and select the user from the Users tab.
Click the delete icon on the permission you want to remove.
- Navigate to the Admin page.
Click the Metrics icon in the top right corner of the page.
Complete the Number of Days field in the dialog that appears, and then click Download to download the JSON file
Collecting Immuta usage metrics from customers helps Immuta gain insight into how customers are using Immuta (not who they are or what their data looks like) to understand what features are heavily used. These metrics guide improvements to the user experience.
What is Collected?
The metrics collected are anonymized data points that provide information on Immuta feature usage but cannot be linked to an individual user or data source. Specifically, Immuta collects what workflows the users are completing and what the users are touching in the UI.
Workflows Users are Completing: These workflow metrics (creating policies, data sources, projects, etc.) are aggregates, such as the number of data sources created in a day, not individual events.
What Users are Touching: These metrics indicate what users click in Immuta, such as the create a data source button.
Product Input: Input from customer metrics helps Immuta make product roadmap decisions. Providing your metrics is the best way to provide product feedback directly to Immuta.
Improve User Experience: Insights into the activity of different personas (governors, data owners) can be used to improve the Immuta user interface and create meaningful feedback loops.
Internal Insights: Gaining insights into your own Immuta use can reveal habit loops or pain points that users experience that may not be obvious. Metrics will enable those to be identified and improved.
Prove Value: Quantifying the areas of Immuta that you are using the most is the key to understanding the value that Immuta brings to your organization.
Show Disabled Accounts
Once an account has been disabled, it will not appear in the list of current Immuta users. To show the disabled accounts,
- Navigate to the Admin page.
Click the dropdown menu in the top right corner of the page and select Include Disabled Accounts.
Now that you've managed the user's permissions, continue to the next page or to this tutorial: Manage Attributes and Groups.