Permissions specify the access levels and conditions for structured and unstructured data objects registered in Okera. When applied to Okera roles, they represent an Okera policy for the role.
Admins can view and maintain (add, edit, delete) all permissions by default. For a non-admin user to view and manage permissions, two conditions must be met.
The user must have
GRANTauthorization for at least one data object. You can give a user
GRANTauthorization by selecting the Include ability to grant checkbox when creating a permission.
The user's group must be assigned to a role with the ability to maintain permissions.
Users with the ability to manage permissions see a Permissions tab for the database, dataset, and URI detail pages.
For databases and datasets, the Permissions tab lists all the roles with access to the relevant object. For unstructured data URIs, the Files page for the URI lists all the roles with access to it. In both cases, the role list shows the groups assigned to each role as well as the access levels, permission conditions and warnings applied to the role for the data object. It also indicates whether the permission is enabled or disabled for a role.
Select a role name to view it in the Roles page and see its full permissions.
Note: Some permissions may be direct (a role has been granted access directly to this data object), while others may be inherited (a role has access to the entire data catalog, and thus has access to this data object by default).