What's new?
- Create user groups + Create user groups Anomaly detection dashboards Anomaly detection Set up Soda-hosted Agent diff --git a/soda-agent/deploy.md b/soda-agent/deploy.md index a52434c6..62bab2ba 100644 --- a/soda-agent/deploy.md +++ b/soda-agent/deploy.md @@ -1354,7 +1354,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs | Field or Label | Guidance | |----------------|----------| | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. | -| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| +| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-global.md %}#data-source-dataset-agreement-and-check-owners) to learn how to adjust the Dataset Owner of individual datasets.|diff --git a/soda-agent/managed-agent.md b/soda-agent/managed-agent.md index 82a5be3b..cafb95af 100644 --- a/soda-agent/managed-agent.md +++ b/soda-agent/managed-agent.md @@ -138,7 +138,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs | Field or Label | Guidance | |----------------|----------| | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. | -| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| +| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-global.md %}#data-source-dataset-agreement-and-check-owners) to learn how to adjust the Dataset Owner of individual datasets.|
diff --git a/soda-cl/check-attributes.md b/soda-cl/check-attributes.md index 44c703ae..ab5c1f7a 100644 --- a/soda-cl/check-attributes.md +++ b/soda-cl/check-attributes.md @@ -8,7 +8,7 @@ parent: Organize, alert, investigate # Add check attributes *Last modified on {% last_modified_at %}* -As a Soda Cloud Admin user, you can define **check attributes** that your team can apply to checks when they write them. +As user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, you can define **check attributes** that your team can apply to checks when they write them. {% include code-header.html %} ```yaml checks for dim_product: @@ -38,11 +38,11 @@ Use attributes to organize your checks and alert notifications in Soda Cloud. ## Prerequisites -* To *define* new check attributes, you must have [Admin permissions]({% link soda-cloud/roles-and-rights.md %}) on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks. +* To *define* new check attributes, you must have the permission to do so on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks. ## Define a check attribute -Note that you can only define or edit check attributes as an [Admin]({% link soda-cloud/roles-and-rights.md %}) in Soda Cloud. You cannot define new attributes in Soda Library. Once defined in Soda Cloud, any Soda Cloud or Soda Library user can [apply the attribute](#apply-an-attribute-to-one-or-more-checks) to new or existing checks. +Note that you can only define or edit check attributes as a user with [permission]({% link soda-cloud/roles-global.md %}) to do so in Soda Cloud. You cannot define new attributes in Soda Library. Once defined in Soda Cloud, any Soda Cloud or Soda Library user can [apply the attribute](#apply-an-attribute-to-one-or-more-checks) to new or existing checks. 1. In your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. 2. Follow the guided steps to create the new attribute. Use the details below for insight into the values to enter in the fields in the guided steps. diff --git a/soda-cl/failed-row-samples.md b/soda-cl/failed-row-samples.md index 86878bae..56c18547 100644 --- a/soda-cl/failed-row-samples.md +++ b/soda-cl/failed-row-samples.md @@ -260,7 +260,7 @@ See also: [Configuration and setting hierarchy](#configuration-and-setting-hiera If your data contains sensitive or private information, you may *not* want to collect any failed row samples, whatsoever. In such a circumstance, you can disable the collection of failed row samples completely. To prevent Soda Cloud from receiving any sample data or failed row samples for any datasets in any data sources to which you have connected your Soda Cloud account, proceed as follows: -1. As an Admin, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. +1. As a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. 2. In the **Organization** tab, uncheck the box to **Allow Soda to collect sample data and failed row samples for all datasets**, then **Save**.
{:height="450px" width="450px"} diff --git a/soda-cl/failed-rows-checks.md b/soda-cl/failed-rows-checks.md index d411b4ed..f8574e1b 100644 --- a/soda-cl/failed-rows-checks.md +++ b/soda-cl/failed-rows-checks.md @@ -50,7 +50,7 @@ checks for dim_customer: To send failed rows samples to Soda Cloud, samples collection must be enabled in Soda Cloud. -As a Soda Cloud Admin, navigate to **your avatar** > **Organization Settings**, then check the box to **Allow Soda to collect sample data and failed row samples for all datasets**. +As a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, navigate to **your avatar** > **Organization Settings**, then check the box to **Allow Soda to collect sample data and failed row samples for all datasets**. ## Define failed rows checks diff --git a/soda-cl/soda-cl-overview.md b/soda-cl/soda-cl-overview.md index 978f93f1..af9e9582 100644 --- a/soda-cl/soda-cl-overview.md +++ b/soda-cl/soda-cl-overview.md @@ -97,7 +97,7 @@ Create **no-code checks** for data quality directly in the Soda Cloud user inter * You, or an Admin on your Soda Cloud account, has [deployed a Soda Agent]({% link soda-agent/deploy.md %}) version 0.8.52 or greater, and connected it to your Soda Cloud account. * You, or an Admin on your Soda Cloud account, has [added a new datasource]({% link soda-agent/deploy.md %}#add-a-new-data-source) via the Soda Agent in your Soda Cloud account *and* configured the data source to [discover the datasets]({% link soda-cl/profile.md %}#add-dataset-discovery) in the data source for which you want to write no-code checks. (Soda must have access to dataset names and column names to present those values in dropdown menus during no-code check creation.) -* You must have permission to edit the dataset as an Admin, Manager, or Editor; see [Manage roles and permissions]({% link soda-cloud/roles-and-rights.md %}). +* You must have permission to edit the dataset; see [Manage dataset roles]({% link soda-cloud/roles-dataset.md %}). ### Create a new check @@ -110,7 +110,7 @@ SodaCL includes over 25 built-in metrics that you can use to write checks, a sub -1. As an Admin, or Manager or Editor of a dataset to which you wish to add checks, navigate to the dataset, then click **Add Check**. You can only create a check via the no-code interface for datasets in data sources connected via a Soda Agent. +1. As a user with [permission]({% link soda-cloud/roles-dataset.md %}#dataset-roles-and-permissions) to do so of a dataset to which you wish to add checks, navigate to the dataset, then click **Add Check**. You can only create a check via the no-code interface for datasets in data sources connected via a Soda Agent. 2. Select the type of check you wish to create, then complete the form to create the check. Refer to table below for guidance on the values to enter. 3. Optionally, **Test** your check, then click **Propose check** to initiate a **[Discussion]({% link soda/glossary.md %}#discussion)** with colleagues. Soda executes the check during the next scan according to the schedule you selected, or whenever a Soda Cloud user runs the schedule scan manually.
Be aware that a schema check requires a minimum of two measurements before it yields a useful check result because it needs at least one historical measurement of the existing schema against which to compare a new measurement to look for changes. Thus, the first time Soda executes this check, the result is `[NOT EVALUATED]`, indicated by a gray, question mark status icon. 4. Click **Add Check** to include the new, no-code check in the next scheduled scan of the dataset. Note that a user with Viewer permissions cannot add a check, they can only propose checks. @@ -160,7 +160,7 @@ By default, alert notifications for your no-code check go to the **Dataset Owner ### Edit an existing check -1. As an Admin, or Manager or Editor of a dataset in which the no-code check exists, navigate to the dataset. +1. As a user with permission to do so, navigate to the dataset in which the no-code check exists. 2. To the right of the check you wish to edit, click the stacked dots, then select **Edit Check**. You can only edit a check via the no-code interface if it was first created as a no-code check, as indicated by the cloud icon in the **Origin** column of the table of checks. 3. Adjust the check as needed, test your check, then save. Soda executes the check during the next scan according to the scan definition you selected. 4. Optionally, you can execute your check immediately. Locate the check you just edited and click the stacked dots, then select **Execute Check**. Soda executes *only* your check. diff --git a/soda-cloud/anomaly-dashboard.md b/soda-cloud/anomaly-dashboard.md index d2871aa0..cc773e3d 100644 --- a/soda-cloud/anomaly-dashboard.md +++ b/soda-cloud/anomaly-dashboard.md @@ -79,7 +79,7 @@ Activate an anomaly dashboard to one or more datasets by configuring profiling f Use the following procedure to activate the anomaly dashboard for an existing dataset in a data source you already connected to your Soda Cloud account via a self-hosted or Soda-hosted agent. -1. If you have been assigned an Admin, Manager, or Editor [role]({% link soda-cloud/roles-and-rights.md %}#access-to-resources) for a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. +1. If you have the [permission]({% link soda-cloud/roles-dataset.md %}) to do so for a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. 2. Navigate to the **Anomalies** tab where a message appears that advises you that the anomaly dashboard has not been activated for this dataset. Click **Activate**. 3. Follow the guided steps and carefully read the warning about the changes to any existing profiling you have configured for the data source (see below). If you accept the permanent changes, specify the time of day you wish to run the daily anomaly scan, then proceed. >
diff --git a/soda-cloud/ask-ai.md b/soda-cloud/ask-ai.md index 55baff29..a7d4ac20 100644 --- a/soda-cloud/ask-ai.md +++ b/soda-cloud/ask-ai.md @@ -29,7 +29,7 @@ Ask AI replaces SodaGPT, the original implementation of a generative AI assistan ## Enable Ask AI -If you do not already have an account, sign up for Soda Cloud for a 45-day free trial. Then, as an Admin user, navigate to **your avatar** > **Organization Settings**, then check the box to **Enable Ask AI powered by Kapa**. +If you do not already have an account, sign up for Soda Cloud for a 45-day free trial. Then, as a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, navigate to **your avatar** > **Organization Settings**, then check the box to **Enable Ask AI powered by Kapa**. {:height="600px" width="600px"} @@ -37,7 +37,7 @@ If you do not already have an account, Can't see the Ask AI button?
If you are an existing Soda customer, you must accept Soda's revised terms and conditions for service that includes the use of third-party tools that facilitate generative AI capabilites. Reply to Soda's Terms & Conditions email to accept the revisions, or contact Soda Support to arrange acceptance and enable the feature.
- If you have accepted the revised terms and conditions but still cannot see the Ask AI button, as an Admin user, navigate to your avatar > Organization Settings, then check the box to Enable Ask AI powered by Kapa. + If you have accepted the revised terms and conditions but still cannot see the Ask AI button, as a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, navigate to your avatar > Organization Settings, then check the box to Enable Ask AI powered by Kapa.
diff --git a/soda-cloud/collaborate.md b/soda-cloud/collaborate.md index 4e19d802..ceef951b 100644 --- a/soda-cloud/collaborate.md +++ b/soda-cloud/collaborate.md @@ -68,7 +68,7 @@ Invite the members of your team to join you in your work to monitor data quality In your Soda Cloud account, navigate to **your avatar** > **Invite Team Members** and fill in the blanks. -When your team members receive the invitation email, they can click the link in the email to create their own login credentials to access your Soda Cloud account directly. Refer to [Default roles and groups]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-permissions) to learn more about the default access rights Soda Cloud assigns to new users. +When your team members receive the invitation email, they can click the link in the email to create their own login credentials to access your Soda Cloud account directly. Refer to [Manage global roles, user groups, and settings]({% link soda-cloud/roles-global.md %}) to learn more about the default access rights Soda Cloud assigns to new users. Note that if your organization uses a single sign-on (SSO) identity provider to access Soda Cloud, you cannot invite team members in Soda Cloud. Instead, contact your IT Admin to request access to Soda Cloud using your SSO. See also, [Single Sign-on with Soda Cloud]({% link soda-cloud/sso.md %}). diff --git a/soda-cloud/notif-rules.md b/soda-cloud/notif-rules.md index 6b1c7085..cb074eb0 100644 --- a/soda-cloud/notif-rules.md +++ b/soda-cloud/notif-rules.md @@ -28,7 +28,7 @@ By default, Soda Cloud establishes two notification rules on your Soda Cloud acc | Send all check alerts to the Check Owner | Soda Cloud sends all check results that fail or warn to the Soda Cloud user who created or owns an individual check. | | Send all check alerts to the Dataset Owner | Soda Cloud sends all check results that fail or warn to the Soda Cloud user who created or owns the dataset to which the checks are associated. | -Refer to [Data source, dataset, agreement, and check owners]({% link soda-cloud/roles-and-rights.md %}#data-source-dataset-agreement-and-check-owners) for details on resource ownership. +Refer to [Data source, dataset, agreement, and check owners]({% link soda-cloud/roles-global.md %}#data-source-dataset-agreement-and-check-owners) for details on resource ownership. ## Set new rules diff --git a/soda-cloud/organize-datasets.md b/soda-cloud/organize-datasets.md index 334c6a1b..38e003f0 100644 --- a/soda-cloud/organize-datasets.md +++ b/soda-cloud/organize-datasets.md @@ -22,7 +22,7 @@ Define new attributes for datasets in your organization that your colleagues can
-1. As an [Admin]({% link soda-cloud/roles-and-rights.md %}) of your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. +1. As a user with the [permission]({% link soda-cloud/roles-global.md %}) to do so in your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. 2. Follow the guided steps to create the new attribute. Use the details below for insight into the values to enter in the fields in the guided steps. | Field or Label | Guidance | diff --git a/soda-cloud/roles-and-rights.md b/soda-cloud/roles-and-rights.md deleted file mode 100644 index c56db988..00000000 --- a/soda-cloud/roles-and-rights.md +++ /dev/null @@ -1,257 +0,0 @@ ---- -layout: default -title: Manage account roles and permissions in Soda Cloud -description: To manage the actions of users that belong to a single organization, Soda Cloud uses roles and access permissions. Admins can access an Audit Trail of user actions. -parent: Organize, alert, investigate ---- - -# Manage account roles and permissions in Soda Cloud - -*Last modified on {% last_modified_at %}* - -To manage the actions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These account-level roles and groups and their associated permissions of access enforce limits on the abilities for people to make additions and changes to organization settings and default access permissions, and to adjust the roles and permissions of others. - -See also: [Manage resource permissions in Soda Cloud]({% link soda-cloud/roles-resources.md %}) -
- -[Account-level roles and permissions](#account-level-roles-and-permissions)
- [Change account-level settings](#change-account-level-settings)
- [Default roles and permissions](#default-roles-and permissions)
- [Create custom user groups](#create-custom-user-groups)
- [Change the default access to datasets](#change-the-default-access-to-datasets)
- [Add multiple organizations](#add-multiple-organizations)
- [Access an audit trail](#access-an-audit-trail)
-[Review user licenses](#review-user-licenses)
-[Data source, dataset, agreement, and check owners](#data-source-dataset-agreement-and-check-owners)
-[Go further](#go-further)
-
- - -## Account-level roles and permissions - -Anyone with access to your organization's Soda Cloud account is known as a **user**. - -The account-level roles that define the type of access users have to your organization's Soda Cloud account are **Admin** and **User**. If you are the first user in your organization to sign up for Soda Cloud, you become the Admin for the account by default. - -The following table outlines the permissions of each account-level role. - -| Permission | Admin | User | -|--------------------------------------------------------------------------------------------------------|:-----:|:----:| -| Access the organization's Soda Cloud account as a user of the team | ✓ | ✓ | -| Invite colleagues to join the organization's Soda Cloud account as users | ✓ | ✓ | -| Set and edit notification rules | ✓ | ✓ | -| Propose no-code checks | ✓ | ✓ | -| View and manage Organization Settings for a Soda Cloud account | ✓ | | -| Change the name of the organization | ✓ | | -| Review the type of Soda Cloud Plan to which your organization subscribes | ✓ | | -| Enable global access to Soda features such as data sampling and Soda AI (preview access only) | ✓ | | -| Enable user in the account to access and use a Soda-hosted Agent | ✓ | | -| View a list of users | ✓ | | -| Review the license status of users | ✓ | | -| Grant Admin permissions to Users | ✓ | | -| Reset user passwords or deactivate users | ✓ | | -| Create and manage user groups | ✓ | | -| Set the default role for users granted access to a dataset | ✓ | | -| Adjust the default setting that automatically grants the Everyone group access to newly-added datasets | ✓ | | -| Create or edit dataset and check attributes | ✓ | | -| Establish integrations with other tools, such as with Slack | ✓ | | -| Download a CSV file of an audit trail of Soda Cloud usage | ✓ | | - -
- -### Change account-level settings - -An Admin is the only account-level role that can make changes to the **Organization Settings** and to the role assignments in the organization. Note, you can have more than one Admin associated with an organization in Soda Cloud. - -As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Use the table below as reference for the tasks you can perform within each tab. - -| Tab | Tasks | -| --- | ------ | -| **Organization** | • Adjust the name of the organization.
• Review the type of Soda Cloud Plan to which your organization subscribes.
• Adjust enablement settings for data sampling, access to a Soda-hosted Agent, and access to Soda AI features in your account. | -| **Users** | • View a list of people who have access to the Soda Cloud account.
• Review and change each user's **License** status as an **Author** or **Viewer**, their access to Admin permissions, and the user groups to which they belong.
• Reset a user's password
• Deactivate a user's account. | -| **User Groups** | Create and manage custom groups of users in your Soda Cloud organization. -| **Responsibilities** | Adjust the default settings for accessing new datasets. | -| **Integrations** | Connect Soda Cloud to your organization's Slack workspace, MS Team channel, or other third-party tool via webhook. | -| **Audit Trail** | Download a CSV file that contains user audit trail information. | - -
- -### Default roles and permissions - -When a new user accepts an invitation to join an existing organization, Soda Cloud applies the following defaults to the new user: -- the role of **User** in the organization -- membership in the **Everyone** group - -By default, all users are included in the group identity called Everyone In the context of an individual dataset, Admins and Managers can use the Everyone group when setting [responsibilities](#change-access-to-a-dataset) in a dataset. Everyone is the only default group that exists in Soda Cloud. You cannot edit membership of the Everyone group. - -
- 
-
-For example...
-For the Customers_EU dataset, Alice the Admin added the Everyone group to the dataset and assigned the group Editor privileges.
-
- When Bob joins his organization's Soda Cloud account as a User user, Soda Cloud automatically adds his name to the organization's Everyone group. Thus, Bob automatically has Editor level access to the Customers_EU dataset.
-- -By default, when a dataset's Admin or Manager grants another user or the Everyone group access to a dataset, Soda Cloud automatically assigns the new user or group the default role of Editor for the dataset. You can adjust this setting to a different default role; see [Change the default access to datasets](#change-the-default-access-to-datasets). - -
- 
-
-For example...
-When Alice the Admin adds Carlos, a user of her Soda Cloud account, to the Customers_US dataset, Soda Cloud automatically assigns him the role of Editor for that dataset.
-
-- -By default, when any user adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset; see [Change the default access to datasets](#change-the-default-access-to-datasets). - -
- -### Create custom user groups - -Create user groups in Soda Cloud to manage role-based permissions (**Admin**, **Manager**, **Editor**, **Viewer**) to resources. Refer to [Resource-level roles and permissions]({% link soda-cloud/roles-resources.md %}#resource-level-roles-and-permissions) for details on the permissions of each role. - -As an Admin in your Soda Cloud, navigate to **your avatar** > **Organization Settings**, then access the **User Groups** tab. Click **Create User Group**, then follow the guided steps to create a group and add individual members. Once created, assign the user group to any of the following resources. - -* Assign role-based permission to [access a dataset]({% link soda-cloud/roles-resources.md %}change-access-to-a-dataset) to user groups instead of individually setting permissions per user. -* Assign user groups as alert [notification rules]({% link soda-cloud/notif-rules.md %}#set-new-rules) recipients to make sure the right team, with the right permissions for the dataset(s), gets notified when checks warn or fail. -* Assign [dataset ownership](#change-the-dataset-owner) to groups of users instead of individuals for redundancy. -* Add a user group to a [discussion]({% link soda/quick-start-end-user.md %}#begin-a-discussion-and-propose-checks) in Soda Cloud so the whole team can review newly-proposed no-code checks. -* Add user groups as [stakeholders]({% link soda-cl/soda-cl-overview.md %}#define-sodacl-checks) in an agreement so that whole teams can collaborate on the expected state of data quality for one or more datasets. - -See also: [Sync user groups from an IdP]({% link soda-cloud/sso.md %}#sync-user-groups-from-an-idp) - -
- -#### Add multiple permissions - -If you have added a user to a group to which you have assigned a level of permission for a resource, then manually assigned a different level of permission to the individual user for a resource, the higher permission trumps the lower. - -For example, as an Admin, say you add Manny Jacinto to user group Marketing Team which has Viewer permission for Dataset_A. Then, you change Manny's individual permission for Dataset_A to Manager. Soda honors the higher level of permission, Manager, for Manny's access to Dataset_A. - -
- - -### Change the default access to datasets - -As an Admin you have the option of adjusting three default access settings: - -* By default, when a dataset's Admin or Manager grants another user or the Everyone group access to a dataset, Soda Cloud automatically assigns the new user or group the [default role of Editor for the dataset](#default-roles-for-datasets-and-checks). You can adjust this setting to a different default role. -* By default, when any user adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset. -* By default, Soda Cloud *does not* allow dataset owners to manage the responsibilities on the datasets they own as ownership does not enforce permissions. - -1. As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. -2. Access the **Responsibilities** tab to adjust either of the two default settings: -* Use the dropdown to adjust the default role of new users and groups who are granted access to a dataset. -* Check the box for Soda Cloud to automatically assign the **Everyone** group to every new dataset that an Admin adds to the Soda Cloud account. -* Check the box for Soda Cloud to allow all dataset owners to manage the responsibilities for datasets they own. - -Note that by default, Soda Cloud automatically adds all new users to the organization's **Everyone** group. See [Default roles and group](#default-roles-and-groups). - -
-
- In other words, you cannot globally change the role for the Everyone group across resources. You can only change the role of Everyone by:
- a) changing it individually on an individual dataset or check.
- b) changing its default role in the Organization Settings which only applies when the Everyone group is added to a dataset or check on upload or creation. -
-
-Example of changed default settings
--
-
- As an Admin, I individually edit the Responsibilities of Datasets A, B, and C and add the Everyone group as Editor to each. -
- Then I access Organization Settings > Responsibilities and change the value of Default role when assigning a new user or group to a resource to Viewer and leave the checkbox unchecked for Automatically assign the "Everyone" group to the new resource. -
- Then, using Soda Library, I connect to a new data source, and make 20 new datasets visible in Soda Cloud. -
- Back in Soda Cloud, I see all the new datasets, and Soda Cloud automatically made me the Dataset Owner of all of them, which comes with the role of Manager. None of the new datasets have any other users that can access them at present, except Admins who can access everything. -
- Next, I edit the Responsibilities of new Datasets D, E, and F and add the Everyone group to those datasets and, because of my setting in Step 2, that group now has Viewer access to these three datasets. -
- Datasets A, B, and C still have the Everyone group assigned to them, but those “Everyone” groups still have Editor access to these specific datasets. -
- In other words, you cannot globally change the role for the Everyone group across resources. You can only change the role of Everyone by:
- a) changing it individually on an individual dataset or check.
- b) changing its default role in the Organization Settings which only applies when the Everyone group is added to a dataset or check on upload or creation. -
- - -### Add multiple organizations - -You may find it useful to set up multiple organizations in Soda Cloud so that each corresponds with a different environment in your network infrastructure, such as production, staging, and development. Such a setup makes it easy for you and your team to access multiple, independent Soda Cloud organizations using the same profile, or login credentials. - -Note that Soda Cloud associates any [API keys]({% link soda-cloud/api-keys.md %}) that you generate within an organization with both your profile *and* the organization in which you generated the keys. API keys are not interchangeable between organizations. - -Contact support@soda.io to request multiple organizations for Soda Cloud. - -
- -### Access an audit trail - -To meet your organization's regulatory and policy mandates, you can download a CSV file that contains an audit trail of activity on your Soda Cloud account for a date range you specify. The file contains details of each user's actions, their email and IP addresses, and a timestamp of the action. An Admin is the only account-level role that can access an audit trail for a Soda Cloud account. - -1. As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. -2. Access the **Audit Trail** tab, then set the date range of usage details you wish to examine and click **Download**. - -Alternatively, you can use the [Audit Trail endpoint]({% link api-docs/reporting-api-v1.md %}#/operations/audit_trail_v0_audit_trail_get) in Soda Cloud's Reporting API to access audit trail data. - -
- - -## Review user licenses - -A few Soda Cloud legacy licensing models include a specific number of **Author** licenses for users of the Soda Cloud account. A user's license status controls whether they can make changes to any datasets, checks, and agreements in the Soda Cloud account. -* **Authors** essentially have read-write access to Soda Cloud resources and maintain the role of Admin, Manager, or Editor. -* **Viewers** essentially have read-only access to Soda Cloud resources and maintain the role of Viewer. - -1. To review the licenses that your users have, as an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Soda Cloud Admin users can view Organization Settings. -2. Access the **Users** tab to view a list of people who have access to your Soda Cloud account, the role they have in the organization (Admin or User), and their License status (Author or Viewer). -3. Click a user's **Author** or **Viewer** label in the License column to access a **Responsibilities** window that lists the user's access to resources (datasets, agreements, and checks), the role they hold for each resource, and their license status relative to the resource. - - -## Data source, dataset, agreement, and check owners - -There are four ownership roles in Soda Cloud that identify the user that owns a data source, a dataset, an agreement, or a check. These ownership roles do not enforce any permissions or permissions on these resources, they are simply identifiers. - -* By default, the user who added the data source becomes the **Data Source Owner** and **Dataset Owner** of all datasets in that data source. The default role that Soda Cloud assigns to the Dataset Owner is that of Manager. -* By default, the user who creates an agreement becomes the **Check Owner** of all checks defined in the agreement. -* By default, the user who creates a no-code check becomes its **Check Owner**. -* By default, all Owners use an Author license. -
-
- -#### Change the Data Source Owner - -1. If you are the Admin of the organization, login to your Soda Cloud account and navigate to **your avatar** > **Data Sources**. -2. In the **Data Sources** tab, click the stacked dots to the right of the data source for which you wish to adjust the ownership, then select **Edit Datasource**. -3. In the **Assign Owner** tab, use the dropdown to select the name of another user or user group to take ownership of the data source, then **Save**. - -
- -#### Change the Dataset Owner - -1. If you are the Admin of the organization, or have a Manager role for the dataset, login to your Soda Cloud account and navigate to the **Datasets** dashboard. -2. Click the stacked dots to the right of the dataset for which you wish to adjust the ownership, then select **Edit Dataset**. -3. In the **Attributes** tab, use the dropdown to select the name of another user or user group to take ownership of the dataset, then **Save**. -4. Soda Cloud automatically assigns the role of Manager to the new Dataset Owner. - -To bulk-change the owner of all new datasets added to a data source, follow the steps to [Change the Data Source Owner](#change-the-data-source-owner) and, in step 3, use the dropdown to change the owner of all the datasets in the data source. - -
- -#### Change the Check Owner - -1. If you are the Admin of the organization, or have a Manager or Editor role for the check's dataset, login to your Soda Cloud account and navigate to the **Checks** dashboard. -2. Click the stacked dots to the right of the check for which you wish to adjust the ownership, then select **Edit Check**. -3. In the **Attributes** tab, use the dropdown to select the name of another user to take ownership of the check, then **Save**. Note that you cannot assign a user group as a check owner. - -
- -## Go further - -* Need help? Join the Soda community on Slack. -* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). -* [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. -* [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. -* Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). -
- ---- - -Was this documentation helpful? - - - - - - -{% include docs-footer.md %} diff --git a/soda-cloud/roles-dataset.md b/soda-cloud/roles-dataset.md new file mode 100644 index 00000000..3aaf78ba --- /dev/null +++ b/soda-cloud/roles-dataset.md @@ -0,0 +1,177 @@ +--- +layout: default +title: Manage dataset roles +description: Learn how to manage user access to datasets in an organization's Soda Cloud account. +parent: Organize, alert, investigate +redirect_from: + - /soda-cloud/roles-resources.html +--- + +# Manage dataset roles +*Last modified on {% last_modified_at %}* + +To manage the dataset-level permissions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These role-based access permissions enforce limits on the abilities for people to make additions and changes to datasets in Soda Cloud. + +There are two type of roles that regulate permissions in Soda Cloud: **Global** and **Dataset**. You can assign each type of role to users or user groups in Soda Cloud to organize role-based access control to resources and functionality in your account. You can also customize the permissions of the out-of-the-box roles Soda Cloud includes, or you can create new roles and assign permissions to roles as you wish. + +The content that follows offers information about dataset roles. For details on terminology, global roles, custom user groups, and organizational settings, see [Manage global roles, user groups, and settings]({% link soda-cloud/roles-global.md %}#about-roles-groups-and-permissions). + + +## Dataset roles and permissions + +The out-of-the-box roles that define who has permission to access or make changes to datasets in your Soda Cloud account are **Admin**, **Manager**, **Editor**, and **Viewer**. An Admin role has all permissions to access or act upon a dataset; the following table outlines the permission groups for the remaining out-of-the-box dataset roles. + +| Permission group | Manager | Editor | Viewer | +| ---------------- | :----: | :----: |:----: | +| [View dataset](#view-dataset) | ✓ | ✓ | ✓ | +| [Access dataset
profiling
and samples](#access-dataset-profiling-and-samples) | ✓ | ✓ | ✓ | +| [Access failed
row samples
for checks](#access-failed-row-samples-for-checks) | ✓ | ✓ | ✓ | + [Configure dataset](#configure-dataset) | ✓ | ✓ | | +| [Manage dataset responsibilities](#manage-dataset-responsibilities) | ✓ | | | +| [Propose checks](#propose-checks) | ✓ | ✓ | ✓ | +| [Manage checks](#manage-checks) | ✓ | ✓ | | +| [Manage incidents](#manage-incidents) | ✓ | ✓ | ✓ | +| [Delete dataset](#delete-dataset) | ✓ | | | + +
+ +#### View dataset +This permission group cannot be removed from any of the out-of-the-box or custom dataset roles. +* View a dataset in the list on the **Datasets** page +* View a dataset's checks in the **Checks** page +* Access a dataset via API +* Access a dataset's checks via API +* View a dataset **Checks** tab +* View a dataset's **Anomalies** tab +* View a dataset's **Agreements** tab +* View a dataset's **Columns** tab, schema info only +* View the check history for a dataset's checks, though not failed row samples + +#### Access dataset profiling and samples +* View a dataset's **Columns** tab, schema and profiling info +* View a dataset's **Samples** tab + +#### Access failed row samples for checks +* View the check history for a dataset's checks, including failed row samples + +#### Configure dataset +* Edit a dataset's attributes +* Edit a dataset's profiling configuration + +#### Manage dataset responsibilities +* Edit a dataset's responsibilities [Read more](#assign-dataset-roles) + +#### Propose checks +* Select a dataset in a **New Discussion** form +* Select a dataset in an **Add Check** form +* Click **Propose Check** when creating a no-code check + +#### Manage checks +* Push a dataset's check results from Soda Library scans to Soda Cloud.
At present, Soda Cloud does not reject check results from a Soda Library scan executed by a user without "Manage checks" permission for a dataset. Instead, Soda issues a soft warning to indicate that the user does not have permission to manage checks for the dataset. In future iterations, the warning will be changed to a rejection of any results pushed without proper permissions for the dataset. +* Edit the description of a dataset's checks +* Edit the owner of a dataset's checks +* Delete a dataset's checks +* Create no-code checks for a dataset +* Edit no-code checks for a dataset +* Delete no-code checks for a dataset +* Add proposed no-code checks to a dataset + +#### Manage incidents +* Create an incident related to a dataset's check +* Update an incident related to a dataset's check +* Delete an incident related to a dataset's check + +#### Delete dataset +* Delete a dataset + +
+ + +## Create dataset roles + +You can create or edit dataset roles to assign to users or user groups in Soda Cloud. + +As a user with permission to do so, navigate to **your avatar** > **Organization Settings**, then access the **Dataset Roles** tab. Click **Add Dataset Role**, then follow the guided workflow to name a role and add permissions groups. Refer to the [table above](#dataset-roles-and-permissions) for a list of permissions groups, and their associated permissions, that you can assign to global roles. + +## Assign dataset roles + +The only out-of-the-box user group that Soda Cloud provides is called **Everyone**. When a new user accepts an invitation to join an existing Soda Cloud organization, or when they gain access to an organization via SSO, Soda Cloud applies the the global role of user in the organization and, depending on the **Responsibilities** settings, may add the new user to the Everyone user group. You cannot add users to, or remove them from the Everyone user group. To learn about how to create your own user groups, see [Manage user groups]({% link soda-cloud/roles-global.md %}#manage-user-groups). + +When setting responsibilities for newly-onboarded, or discovered, datasets, users with permissions to do so can access the **Organization Settings** to define: +* whether to add newly invited or added users to the out-of-the-box Everyone user group +* the default dataset role of the Everyone user group +* the default dataset role to assign to Dataset Owners to datasets that are onboarded in Soda Cloud + +{:height="700px" width="700px"} + +
+ +When any user uses Soda Library or Soda Cloud to add a new data source, and its datasets, to the Soda Cloud account, the user automatically becomes the Dataset Owner of each dataset in the data source. Depending upon the **Responsibilities** settings in the **Dataset Roles** tab of **Organization Settings**, the Dataset Owner is assigned a role according to the **Default Dataset Owner Role** setting. + +Beyond the default users and roles assigned to a dataset upon addition to Soda Cloud, you can edit the responsibilities for an individual dataset to make changes to the way users and user groups can access or act upon the dataset. + +1. As a user with the permission to do so, login to your Soda Cloud account and navigate to the **Datasets** dashboard. +2. Click the stacked dots to the right of the dataset for which you wish to adjust the role assignments, then select **Edit Responsibilities**. +3. Use the search bar to find specific users or user groups to which you wish to assign a role for the dataset, then use the dropdown next to each name to adjust their role, then **Save** your changes. + +If you have added a user to a group to which you have assigned a level of permission for a dataset, then manually assigned a different level of permission to the individual user for a dataset, Soda honors the higher set of permissions. + +For example, say you add Manny Jacinto to a user group called Marketing Team. For a new_signups dataset, you assign the Marketing Team the out-of-the-box role of Viewer. Then, for the same dataset, you assign Manny's individual user the out-of-the-box role of Manager. Soda honors the permissions of the higher role, Manager, for Manny's access to new_signups. + +## Data source, dataset, agreement, and check owners + +There are four types of resource owners in Soda Cloud that identify the user, or user group, that owns a data source, dataset, agreement, or check. These ownership roles do not enforce any permissions, they are simply resource metadata. + +* By default, the user who added the data source becomes the **Data Source Owner** and **Dataset Owner** of all datasets in that data source. The default [dataset role]({% link soda-cloud/roles-dataset.md %}#dataset-roles-and-permissions) that Soda Cloud assigns to the Dataset Owner is that of Manager. +* By default, the user who creates an agreement becomes the **Check Owner** of all checks defined in the agreement. +* By default, the user who creates a no-code check becomes its **Check Owner**. +* By default, all Owners use an Author license, if you use the legacy license billing model. +
+
+ +### Change the Data Source Owner + +1. With the permission to do so, login to your Soda Cloud account and navigate to **your avatar** > **Data Sources**. +2. In the **Data Sources** tab, click the stacked dots to the right of the data source for which you wish to adjust the ownership, then select **Edit Datasource**. +3. In the **Assign Owner** tab, use the dropdown to select the name of another user or user group to take ownership of the data source, then **Save**. + +
+ +### Change the Dataset Owner + +1. With the permission to do so, login to your Soda Cloud account and navigate to the **Datasets** dashboard. +2. Click the stacked dots to the right of the dataset for which you wish to adjust the ownership, then select **Edit Dataset**. +3. In the **Attributes** tab, use the dropdown to select the name of another user or user group to take ownership of the dataset, then **Save**. +4. Soda Cloud automatically assigns the role of Manager to the new Dataset Owner. + +To bulk-change the owner of all new datasets added to a data source, follow the steps to [Change the Data Source Owner](#change-the-data-source-owner) and, in the **Assign Owner** tab, use the dropdown to change the owner of *all* the datasets in the data source. + +
+ +### Change the Check Owner + +1. If you are the Admin of the organization, or have a Manager or Editor role for the check's dataset, login to your Soda Cloud account and navigate to the **Checks** dashboard. +2. Click the stacked dots to the right of the check for which you wish to adjust the ownership, then select **Edit Check**. +3. In the **Attributes** tab, use the dropdown to select the name of another user to take ownership of the check, then **Save**. Note that you cannot assign a user group as a check owner. + +
+ +## Go further + +* Need help? Join the Soda community on Slack. +* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). +* [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. +* [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. +* Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). +
+ +--- + +Was this documentation helpful? + + + + + + +{% include docs-footer.md %} \ No newline at end of file diff --git a/soda-cloud/roles-global.md b/soda-cloud/roles-global.md new file mode 100644 index 00000000..2cae3e24 --- /dev/null +++ b/soda-cloud/roles-global.md @@ -0,0 +1,173 @@ +--- +layout: default +title: Manage global roles, user groups, and settings +description: To manage the actions of users that belong to a single organization, Soda Cloud uses roles and access permissions. Admins can access an Audit Trail of user actions. +parent: Organize, alert, investigate +redirect_from: + - /soda-cloud/roles-and-rights.html +--- + +# Manage global roles, user groups, and settings + +*Last modified on {% last_modified_at %}* + +To manage the actions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. + +These roles and groups and their associated permissions enforce limits on the abilities for users to access or make changes to resources, or to make additions and changes to organization settings and default access permissions. + +[About roles, groups, and permissions](#about-roles-groups-and-permissions)
+[Global roles and permissions](#global-roles-and-permissions)
+[Manage organization settings](#manage-organization-settings)
+ [Add multiple organizations](#add-multiple-organizations)
+ [View users](#View-users)
+ [Manage user groups](#manage-user-groups)
+ [Manage global roles](#manage-global-roles)
+ [Access and audit trail](#access-an-audit-trail)
+[Go further](#go-further)
+
+ +## About roles, groups, and permissions + +Soda Cloud makes use of roles, groups, and permissions to manage user access to functionalities, such as alert notifications, and resources, such as datasets and data sources, in the organization. The following table defines the terminology Soda Cloud uses. + +| Term | Description | +| ---- | ----------- | +| User | Refers to anyone with access to a Soda Cloud account, or organization. Users may belong to multiple Soda Cloud organizations, as when teams set up separate organizations for staging, development, and production environments; see [Add multiple organizations](#add-multiple-organizations). You can invite a person to join your Soda Cloud account as a user (**your avatar** > **Invite Users**), or you can use an [SSO integration]({% link soda-cloud/sso.md %}) to manage your team's access to a Soda Cloud account. | +| User Group | Refers to a named collection of individual users in a Soda Cloud account. If you use an SSO integration to manage your team's access to Soda Cloud, you can optionally choose to synchronize the user groups you have defined in your identity provider (Okta, Azure AD, etc.) and assign roles to those synched user groups in Soda Cloud.| +| Role | Refers to a named set of permissions that, when assigned to a user or user group, define how the user or group may access or act upon resources or functionalities in Soda Cloud. Roles in Soda Cloud exist at either a global or dataset level. [Read more](#roles) | +| Permission | Refers to a rule that governs an activity or access as it relates to a resource or functionality in Soda Cloud. | +| Permission group | Refers to a named set of permissions. When you create a new global or dataset role in Soda Cloud, you add permission groups, instead of individual, granular permissions. For example, you can assign the permission group , "Manage scan definitions" to a custom global role called "Engineers", giving users or user groups who are assigned this role the ability to create, edit, or delete scan definitions for a data source.| +| Responsibilities | Refers to a subset of role-based access controls for newly-onboarded datasets. These settings determine inclusion in the Everyone user group and the roles Dataset Owners get for newly-onboarded datasets; see [Assign dataset roles](#assign-dataset-roles). | +| License | Refers to a legacy billing model that encourages unlimited Viewers with read-only access to Soda Cloud, and some Authors with read-write access to resources and functionality. | + +
+ +#### Roles + +There are two type of roles that regulate permissions in Soda Cloud: **Global** and **Dataset**. You can assign each type of role to users or user groups in Soda Cloud to organize role-based access control to resources and functionality in your account. You can also customize the permissions of the out-of-the-box roles Soda Cloud includes, or you can create new roles and assign permissions to roles as you wish. + +| Type of role | Description | OOTB roles | Permissions | +| ------------ | ----------- | ---------- | ----------- | +| Global | Regulates permissions to access account-level functionalities and resources such as notification rules, integrations, and scan definitions. | Admin
User | [Global roles and permissions](#global-roles-and-permissions)| +| Dataset | Regulates permissions to access, and act upon, individual datasets. | Manager
Editor
Viewer | [Dataset roles and permissions]({% link soda-cloud/roles-dataset.md %}#dataset-roles-and-permissions) | + +
+ +## Global roles and permissions + +By default, when a new user accepts an invitation to join an existing Soda Cloud organization, or when they gain access to an organization via SSO, Soda Cloud applies the the global role of **User** in the organization. If you are the first user in your organization to sign up for Soda Cloud, you become a global **Admin** for the account by default. Note, you can have more than one global Admin user in a Soda Cloud account. + +The following table outlines the permission groups for each out-of-the-box global role. + +| Permission group | Permissions | Admin | User | +|------------------| ------------|:-----:|:----:| +| Create agreements | • Create new agreements | ✓ | ✓ | +| Create new datasets
and data sources
with Soda Library | • Create datasets through Soda Library for an existing data source | ✓ | ✓ | +| Manage attributes | • Create, edit, or delete check attributes | ✓ | | +| Manage data
sources and agents | • Add, edit, or delete a new data source in Soda Cloud
• Add, edit, or delete a new data source via Soda Library
• Add, edit, or delete a self-hosted Soda agent | ✓ | | +| Manage
notification
rules | • Create, edit, or delete notification rules | ✓ | ✓ | +| Manage
organization
settings
[Read more](#manage-organization-settings) | • Manage organization settings
• Deactivate users
• Create, edit, or delete user groups
• Create, edit, or delete dataset roles
• Create, edit, or delete global roles
• Assign global roles to users or user groups
• Add, edit, or delete integrations
• Access and download the audit trail | ✓ | | +| Manage scan
definitions | • Create, edit, or delete scan definitions. | ✓ | ✓ | +| n/a 1 | • Read-write access to all agreements
• Read-write access to all datasets | ✓ | | + +1 Global admin users have these permissions, but you cannot add this nameless permission group to a custom global role. + +
+ +## Manage organization settings + +As a user with the permission to do so, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Use the table below as reference for the tasks you can perform within each tab. + +| Tab | Tasks | +| --- | ------ | +| **Organization** | • Adjust the name of the organization.
• Review the type of Soda Cloud Plan to which your organization subscribes.
• Adjust enablement settings for data sampling, access to a Soda-hosted Agent, and access to Soda AI features in your account. | +| **Users** | • View a list of people who have access to the Soda Cloud account.
• Review each user's **License** status as an **Author** or **Viewer**, their access to Admin permissions, and the user groups to which they belong.
• Reset a user's password
• Deactivate a user's account. | +| **User Groups** | Create and manage custom groups of users in your Soda Cloud organization; see [Create custom user groups](#create-custom-user-groups). | +| **Global Roles** | • View create, edit, or delete out-of-the-box or custom global roles.
• View the users or user groups assigned to each global role. | +| **Dataset Roles** | • View create, edit, or delete out-of-the-box or custom dataset roles.
• View or edit the datasets that use each dataset role.
• Review or edit **Responsibilities** for newly onboarded datasets; see [Assign dataset roles]({% link soda-cloud/roles-dataset.md %}#assign-dataset-roles).| +| **Integrations** | Connect Soda Cloud to your organization's Slack workspace, MS Team channel, or other third-party tool via webhook. | +| **Audit Trail** | Download a CSV file that contains user audit trail information. | + +
+ +### Add multiple organizations + +You may find it useful to set up multiple organizations in Soda Cloud so that each corresponds with a different environment in your network infrastructure, such as production, staging, and development. Such a setup makes it easy for you and your team to access multiple, independent Soda Cloud organizations using the same profile, or login credentials. + +Note that Soda Cloud associates any [API keys]({% link soda-cloud/api-keys.md %}) that you generate within an organization with both your profile *and* the organization in which you generated the keys. API keys are not interchangeable between organizations. + +Contact support@soda.io to request multiple organizations for Soda Cloud. + +
+ +### View users + +A few Soda Cloud legacy licensing models include a specific number of **Author** licenses for users of the Soda Cloud account. A user's license status controls whether they can make changes to any datasets, checks, and agreements in the Soda Cloud account. +* **Authors** essentially have read-write access to Soda Cloud resources and functionalities, and maintain the dataset role of Admin, Manager, or Editor. +* **Viewers** essentially have read-only access to Soda Cloud resources and maintain the dataset role of Viewer. + +1. To review the licenses that your users have, as a user with permission to do so, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. +2. Access the **Users** tab to view a list of people who have access to your Soda Cloud account, including: +* the license each user has, if relevant +* the user groups they belong to +* if they have global Admin permissions +3. Click a user's **Author** or **Viewer** label in the License column to access a **Responsibilities** window that lists the user's access to resources (datasets, agreements, and checks), the role they hold for each resource, and their license status relative to the resource. + +
+ +### Manage user groups + +Create or edit user groups in Soda Cloud to manage global and dataset role-based permissions to resources. + +As a user with permission to do so, navigate to **your avatar** > **Organization Settings**, then access the **User Groups** tab. Click **Create User Group**, then follow the guided workflow to create a group and add individual members. Once created, assign the user group to any of the following resources. + +* In the **User Groups** tab, assign an out-of-the-box or custom global role to user groups instead of individually assigning global roles to users. +* In **Edit Dataset Responsibilities**, add a user group as a member and [assign it a dataset role]({% link soda-cloud/roles-dataset.md %}#assign-dataset-roles) to control the way users in the group access or act upon the dataset. +* Assign user groups as alert [notification rules]({% link soda-cloud/notif-rules.md %}#set-new-rules) recipients to make sure the right team, with the right permissions for the dataset(s), gets notified when checks warn or fail. +* For redundancy, assign [dataset ownership]({link soda-cloud/roles-dataset.md}#change-the-dataset-owner) to user groups instead of individual users. +* Add a user group to a [discussion]({% link soda/quick-start-end-user.md %}#begin-a-discussion-and-propose-checks) in Soda Cloud so the whole team can review newly-proposed no-code checks. +* Add user groups as [stakeholders]({% link soda-cl/soda-cl-overview.md %}#define-sodacl-checks) in an agreement so that whole teams can collaborate on the expected state of data quality for one or more datasets. + +If you use an SSO integration to manage your team's access to Soda Cloud, you can optionally choose to synchronize the user groups you have defined in your identity provider (Okta, Azure AD, etc.) and assign roles to those synched user groups in Soda Cloud. See: [Sync user groups from an IdP]({% link soda-cloud/sso.md %}#sync-user-groups-from-an-idp) + +
+ +### Manage global roles + +Create or edit global and dataset roles to assign to users or user groups in Soda Cloud. + +As a user with permission to do so, navigate to **your avatar** > **Organization Settings**, then access the **Global Roles** tab. Click **Add Global Role**, then follow the guided workflow to name a role and add permissions groups. Refer to the [table above](#global-roles-and-permissions) for a list of permissions groups, and their associated permissions, that you can assign to global roles. + +
+ +### Access an audit trail + +To meet your organization's regulatory and policy mandates, you can download a CSV file that contains an audit trail of activity on your Soda Cloud account for a date range you specify. The file contains details of each user's actions, their email and IP addresses, and a timestamp of the action. An Admin is the only account-level role that can access an audit trail for a Soda Cloud account. + +1. As a user with the permission to do so, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. +2. Access the **Audit Trail** tab, then set the date range of usage details you wish to examine and click **Download**. + +Alternatively, you can use the [Audit Trail endpoint]({% link api-docs/reporting-api-v1.md %}#/operations/audit_trail_v0_audit_trail_get) in Soda Cloud's Reporting API to access audit trail data. + +
+ + +## Go further + +* Need help? Join the Soda community on Slack. +* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). +* [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. +* [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. +* Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). +
+ +--- + +Was this documentation helpful? + + + + + + +{% include docs-footer.md %} diff --git a/soda-cloud/roles-resources.md b/soda-cloud/roles-resources.md deleted file mode 100644 index 7effea0e..00000000 --- a/soda-cloud/roles-resources.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -layout: default -title: Manage resource permissions in Soda Cloud -description: Learn how to manage user access to datasets in an organization's Soda Cloud account. -parent: Organize, alert, investigate ---- - -# Manage resource permissions in Soda Cloud -*Last modified on {% last_modified_at %}* - -To manage the resource-level permissions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These role-based access permissions enforce limits on the abilities for people to make additions and changes to resources in Soda Cloud, including agents, data sources, and datasets. - -See also: [Manage account roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) -
- -[Resource-level roles and permissions](#resource-level-roles-and-permissions)
-[Change access to a dataset](#change-access-to-a-dataset)
- -## Resource-level roles and permissions - -Where [account-level]({% link soda-cloud/roles-and-rights.md %}) roles and permissions apply to your organization's Soda Account, the roles and access permissions described in the table below apply to the following resources in your account: - -| agents
data sources
scan definitions
datasets | checks
agreements
discussions
incidents | - -The roles that define who can make changes to resources in Soda Cloud are **Admin**, **Manager**, **Editor**, and **Viewer**. As an Admin, you can apply resource-level roles to both individual users and user groups. - -The following table outlines the permissions of each resource-level role. - -| Permissions | Admin | Manager | Editor | Viewer | -|----------------------------------------------------------------------------|:-----:|:--------:|:------:|:------:| -| Add, edit, and delete a self-hosted Soda Agent | ✓ | | | | -| Add, edit, or delete a data source via a Soda-hosted or self-hosted agent | ✓ | | | | -| Change the owner of a data source | ✓ | | | | -| Add or adjust a data source's default scan definition | ✓ | | | | -| Add a scan definition in an agreement or during no-code check creation | ✓ | ✓ | ✓ | | -| Delete a scan definition | ✓ | | | | -| Control user access to a dataset and its checks (add or remove access) | ✓ | ✓ | | | -| Change the roles of users with access to a dataset and its checks | ✓ | ✓ | | | -| Apply dataset attributes to datasets | ✓ | ✓ | ✓ | | -| Configure Soda to collect sample data for a dataset | ✓ | | | | -| Configure Soda to profile datasets in a data source | ✓ | | | | -| Activate an anomaly dashboard for a dataset (preview access only) | ✓ | ✓ | | | -| Add and edit dataset Attributes, such as Description or Tags | ✓ | ✓ | ✓ | | -| Access a dataset's page to view metadata and checks, and dataset info | ✓ | ✓ | ✓ | ✓ | -| Edit or delete a dataset | ✓ | ✓ | | | -| Run a scan | ✓ | ✓ | | | -| View scan results of checks associated with a dataset or agreement | ✓ | ✓ | ✓ | ✓ | -| Propose and test a no-code check | ✓ | ✓ | ✓ | ✓ | -| Add, edit, or delete a no-code check | ✓ | ✓ | ✓ | | -| Apply check attributes when proposing a check | ✓ | ✓ | ✓ | ✓ | -| Edit or delete individual checks associated with a dataset ingested via Soda Library | ✓ | ✓ | ✓ | | -| Access failed row samples for a check | ✓ | ✓ | ✓ | ✓ | -| Create a new agreement | ✓ | ✓ | ✓ | | -| Approve and reject agreements as a stakeholder | ✓ | ✓ | ✓ | ✓ | -| Edit an existing agreement, including adding a new scan definition | ✓ | ✓ | ✓ | | -| Apply check attributes in an agreement | ✓ | ✓ | ✓ | | -| View agreements | ✓ | ✓ | ✓ | ✓ | -| Begin or participate in a discussion | ✓ | ✓ | ✓ | ✓ | -| Close a discussion | ✓ | ✓ | ✓ | ✓ | -| Create and track incidents associated with one or more check results | ✓ | ✓ | ✓ | ✓ | -| Delete an incident | ✓ | ✓ | ✓ | | -| Create, edit, or delete a notification rule | ✓ | ✓ | ✓ | | -| Set the status of a notification rule (Active or Paused) | ✓ | ✓ | ✓ | | - -
- -## Change access to a dataset - -When any user uses Soda Library to add a new dataset to the Soda Cloud account, the user automatically becomes the Dataset Owner. The new dataset can only be accessed by an Admin and the Dataset Owner, who automatically becomes a Manager of the dataset, until the Admin or Dataset Owner changes access to the dataset to grant other users access. - -As an Admin or a Manager of a dataset, you can access the **Responsibilities** tab for an individual dataset to make changes to the default role assignments in the dataset. All users, regardless of their role assignment, can view the Responsibilities tab for a dataset. - -1. As an Admin or Manager, login to your Soda Cloud account and navigate to the **Datasets** dashboard. -2. Click the stacked dots to the right of the dataset for which you wish to adjust the role assignments, then select **Edit Dataset**. -3. In the **Responsibilities** tab, use the search bar to find specific users or user groups to which you wish to assign a role other than the default, Editor, then use the dropdown next to each name to adjust their role.
Alternatively, search for the group **everyone** and change the role of the group. - -
- -## Go further - -* Need help? Join the Soda community on Slack. -* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). -* [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. -* [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. -* Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). -
- ---- - -Was this documentation helpful? - - - - - - -{% include docs-footer.md %} \ No newline at end of file diff --git a/soda-cloud/soda-cloud-architecture.md b/soda-cloud/soda-cloud-architecture.md index 467189f1..e6e97179 100644 --- a/soda-cloud/soda-cloud-architecture.md +++ b/soda-cloud/soda-cloud-architecture.md @@ -53,7 +53,7 @@ The engineer can manage access to data sources while giving Soda Cloud end-users Soda Cloud is made up of several parts, or **resources**, that work together to define checks, execute scans, and display results that help you gauge the quality and reliability of your data. -It is helpful to understand these resources and how they relate, or connect, to each other if you are establishing [role-based access rules]({% link soda-cloud/roles-and-rights.md %}) for your organization's Soda Cloud account, or if you are planning to delete an existing resource. +It is helpful to understand these resources and how they relate, or connect, to each other if you are establishing [role-based access rules]({% link soda-cloud/roles-global.md %}) for your organization's Soda Cloud account, or if you are planning to delete an existing resource. The following diagram illustrates an example deployment of a single Soda Cloud account with two Soda Agents, each of which connects to two data sources. A Soda Cloud Administrator has also created integrations with Slack, Jira (via a webhook), and MS Teams. diff --git a/soda-cloud/sso.md b/soda-cloud/sso.md index 0f6aa175..ef97441d 100644 --- a/soda-cloud/sso.md +++ b/soda-cloud/sso.md @@ -43,9 +43,9 @@ Soda has tested and confirmed that SSO setup works with the following identity p ## SSO access to Soda Cloud -When an employee uses their SSO provider to access Soda Cloud for the first time, Soda Cloud automatically assigns the new user to roles and groups according to the [Default roles and permissions]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-permissions) for any new users. Soda Cloud also notifies the Soda Cloud Admin that a new user has joined the organization, and the new user receives a message indicating that their Soda Cloud Admin was notified of their first login. A Soda Cloud Admin can adjust users' roles in Organization Settings. See [Change organization roles and settings]({% link soda-cloud/roles-and-rights.md %}#change-organization-roles-and-settings) for details. +When an employee uses their SSO provider to access Soda Cloud for the first time, Soda Cloud automatically assigns the new user to roles and groups according to the [Global roles and permissions]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) for any new users. Soda Cloud also notifies the Soda Cloud Admin that a new user has joined the organization, and the new user receives a message indicating that their Soda Cloud Admin was notified of their first login. A Soda Cloud Admin or user with the permission to do so can adjust users' roles in Organization Settings. See [Manage organization roles and settings]({% link soda-cloud/roles-global.md %}#manage-organization-roles-and-settings) for details. -When an organization's IT Admin revokes a user's access to Soda Cloud through the SSO provider, a Soda cloud Admin is responsible for updating the resources and ownerships linked to the User. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) for details. +When an organization's IT Admin revokes a user's access to Soda Cloud through the SSO provider, a Soda Cloud Admin is responsible for updating the resources and ownerships linked to the User. Once your organization enables SSO for all Soda Cloud users, Soda Cloud blocks all non-SSO login attempts and password changes via cloud.soda.io/login. If an employee attempts a non-SSO login or attempts to change a password using "Forgot password?" on cloud.soda.io/login, Soda Cloud presents a message that explains that they must log in or change their password using their SSO provider. @@ -140,7 +140,7 @@ The values for these fields are unique to your organization and are provided to If you wish, you can choose to regularly one-way sync the user groups you have defined in your IdP into Soda Cloud. -Doing so obviates the need to manually create user groups in Soda Cloud that you have already defined in your IdP, and enables your team to select an IdP-managed user groups when assigning ownership access permissions to a resource, in addition to any user groups you may have created manually in Soda Cloud. See: [Create custom user groups]({% link soda-cloud/roles-and-rights.md %}#create-custom-user-groups) +Doing so obviates the need to manually create user groups in Soda Cloud that you have already defined in your IdP, and enables your team to select an IdP-managed user groups when assigning ownership access permissions to a resource, in addition to any user groups you may have created manually in Soda Cloud. See: [Manage user groups]({% link soda-cloud/roles-global.md %}#manage-user-groups) * Soda has tested and documented one-way syncing of user groups with Soda Cloud for Okta and Azure Active Directory. Contact Soda to request tested and documented support for other IdPs. * Soda synchronizes user groups with the IdP every time a user in your organization logs in to Soda via SSO. Soda updates the user's group membership according to the IdP user groups to which they belong at each log in. @@ -176,7 +176,7 @@ Doing so obviates the need to manually create user groups in Soda Cloud that you ## Go further * Need help? Join the Soda community on Slack. -* Learn more about [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}). +* Learn more about [Manage global roles, user groups, and settings]({% link soda-cloud/roles-global.md %}). * Learn more about creating and tracking [Incidents]({% link soda-cloud/incidents.md %}) in Soda Cloud.
diff --git a/soda-library/run-a-scan.md b/soda-library/run-a-scan.md index 43dc7bb9..2477e8b4 100644 --- a/soda-library/run-a-scan.md +++ b/soda-library/run-a-scan.md @@ -56,7 +56,7 @@ As a step in the **Get started roadmap**, this guide offers instructions to sche When you create a no-code check in Soda Cloud, one of the required fields asks that you associate the check with an existing scan definition, or that you create a new scan definition. If you wish to change a no-code check's existing scan definition: -1. As an Admin, or Manager or Editor of a dataset in which the no-code check exists, navigate to the dataset. +1. As a user with permission to do so, navigate to the dataset in which the no-code check exists. 2. From the dataset's page, locate the check you wish to adjust, and click the stacked dots at right, then select **Edit Check**. You can only edit a check via the no-code interface if it was first created as a no-code check, as indicated by the cloud icon in the **Origin** column of the table of checks. 3. Adjust the value in the **Add to Scan Definition** field as needed, then save. Soda executes the check during the next scan according to the definition you selected. @@ -108,7 +108,7 @@ If you wish to schedule a *new* scan to execute the checks in an agreement more If you wish to run a scan immediately to see the scan results for a no-code check, you can execute an ad hoc scan for a single check. -1. As an Admin, or Manager or Editor of a dataset with the no-code check you wish to execute, navigate to the dataset. +1. As a user with the permission to do so, navigate to the dataset associated with the no-code check you wish to execute. 2. In the table of checks, locate the check you wish to execute and click the stacked dots, then select **Execute Check**. Alternatively, click the check and in the check's page, click **Execute**. You can only execute an individual check if it was first created as a no-code check, as indicated by the cloud icon in the **Origin** column of the table of checks. 3. Soda executes *only* your check. @@ -413,7 +413,7 @@ scan.get_all_checks_text() You can programmatically initiate a scan your team defined in Soda Cloud using the Soda Cloud API. -If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) permissions in your Soda Cloud account, you can use the API to: +If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have the [permission]({% link soda-cloud/roles-global.md %}) to do so in your Soda Cloud account, you can use the API to: * retrieve information about checks and datasets in your Soda Cloud account * execute scans * retrieve information about the state of a scan during execution @@ -432,7 +432,7 @@ Access the [Soda Cloud API]({% link api-docs/public-cloud-api-v1.md %}) document You can initiate a scan your team defined in Soda Cloud using the Soda Library CLI. -If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) permissions in your Soda Cloud account, you can use Soda Library CLI to: +If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have the [permission]({% link soda-cloud/roles-global.md %}) to do so in your Soda Cloud account, you can use Soda Library CLI to: * execute a remote scan and synchronously receive logs of the scan execution result * execute a remote scan and asynchronously retrieve status and logs of the scan during, and after its execution diff --git a/soda/integrate-msteams.md b/soda/integrate-msteams.md index 845dc1e3..ded5f3de 100644 --- a/soda/integrate-msteams.md +++ b/soda/integrate-msteams.md @@ -23,7 +23,7 @@ Configure Soda Cloud to connect your account to MS Teams so that you can: If you have previously set up a Soda integration with an Office 365 connector, follow the instructions for Creating a workflow from a channel in Teams, then update the integration URL in your existing Soda <> MS Teams integration in Soda Cloud.