Managing access to UI features¶
In general, users will get access to most UI features based on their permissions on related objects.
For example users who have access to create and manage any
ROLE object will see the roles page in the UI.
These UI features may require additional configuration:
- Reports Page
- Users Page
Admins can control access to these UI features by granting groups access to the special feature access roles – e.g.
Access to Reports¶
Users will automatically get access to the Reports page if they are granted
VIEW_AUDIT on any data objects.
However they will also need to be granted access to the Okera audit logs view in order to use the Reports page and query the underlying audit logs.
Note that users with access to reports will only see audit logs for the objects they have been granted
In the example below, any user with the
marketing_steward_role will only see reports on access to the
GRANT VIEW_AUDIT on database marketing to ROLE marketing_steward_role; GRANT SELECT ON TABLE okera_system.reporting_audit_logs to ROLE marketing_steward_role;
Access to Users¶
To grant access to the Users page, simply grant the
okera_user_details_role to any users or groups that need access.
GRANT ROLE okera_user_details_role to GROUP marketing_stewards;
Access to Workspace¶
By default, access to the Okera Workspace will be granted to all users (it is granted to `okera_public_role').
If you wish to limit access to Workspace only to specific users:
- Revoke access to Workspace by removing it
okera_public_role. You can do this from the Roles UI or by running the DDL:
REVOKE SELECT ON TABLE okera_system.ui_workspace from ROLE okera_public_role;
- Edit your cluster configuration, and set the value of
You can then grant the
okera_workspace_role to any specific groups or users that you want to have access to the workspace feature.