Okera Portal for Administrators¶
Okera Portal System Settings¶
Admins can change system settings for the Okera Portal via Okera's configuration system, see Configuration. The Okera Portal settings are:
CLUSTER_LABEL: a text label that will be shown in the UI navigation section to indicate this cluster's purpose to end users
UI_TIMEOUT_MS: the number of milliseconds (maximum
60000, or 60 seconds) the UI will wait before canceling requests. Defaults to
30000milliseconds (30 seconds)
Configuring the UI timeout¶
If many pages in the Okera Portal report timeout errors during basic interactions, it may be a good idea to increase the UI timeout.
This can be done by setting the
UI_TIMEOUT_MS configuration to a higher number, for example
60000 (1 minute).
This value can be configured via
okctl: see Configuration
Increasing the UI timeout may not always work as desired: if a request is bound to take a long time, end users will simply have to wait longer before seeing a timeout error appear.
Managing access to UI features¶
Admins can control access to certain UI features by granting groups access to special feature access roles –
okera_reports_role, or by granting access to certain system views.
These system views do not contain any data, their sole purpose is to control access.
Granting access to Workspace¶
To grant access to the Workspace page, simply grant the
okera_workspace_role to any groups that need access to the workspace feature.
GRANT ROLE okera_workspace_role to GROUP marketing_stewards;
For more advanced role customization, you can also enable access to workspace by granting a role access to the internal
okera_system.ui_workspace view. Note that this view does not contain any data, its sole purpose is to control access to Workspace.
GRANT SELECT ON TABLE okera_system.ui_workspace to ROLE steward;
Granting access to Reports Page¶
To grant access to the Reports page, simply grant the
okera_reports_role to any groups that need access to the Reports feature.
GRANT ROLE okera_reports_role to GROUP marketing_stewards;
For more advanced role customization, you can also enable access to reporting by granting a role access to both the internal
okera_system.ui_reports view as well as the
okera_system.reporting_audit_logs view, so that they can query the underlying audit logs.
GRANT SELECT ON TABLE okera_system.ui_reports to ROLE steward; GRANT SELECT ON TABLE okera_system.reporting_audit_logs to ROLE steward;
Users will still need to have SELECT access on some datasets to actually see reports for those datasets.
Granting access to Roles Page¶
To grant access to the Roles Page, simply grant the
okera_policy_management_role to any groups that need access to the Policy Management feature.
GRANT ROLE okera_policy_management_role to GROUP marketing_stewards;