Okera Portal for Administrators

Managing access to UI features

Admins can control access to certain UI features by granting groups access to special feature access roles – okera_workspace_role and okera_reports_role, or by granting access to certain system views.

Note These system views do not contain any data, their sole purpose is to control access.

Granting access to Workspace

To grant access to the Workspace page, simply grant the okera_workspace_role to any groups that need access to the workspace feature.

GRANT ROLE okera_workspace_role to GROUP marketing_stewards;

For more advanced role customization, you can also enable access to workspace by granting a role access to the internal okera_system.ui_workspace view. Note that this view does not contain any data, its sole purpose is to control access to Workspace.

GRANT SELECT ON TABLE okera_system.ui_workspace to ROLE steward;

Granting access to Reports Page

To grant access to the Reports page, simply grant the okera_reports_role to any groups that need access to the Reports feature.

GRANT ROLE okera_reports_role to GROUP marketing_stewards;

For more advanced role customization, you can also enable access to reporting by granting a role access to both the internal okera_system.ui_reports view as well as the okera_system.reporting_audit_logs view, so that they can query the underlying audit logs.

GRANT SELECT ON TABLE okera_system.ui_reports to ROLE steward;
GRANT SELECT ON TABLE okera_system.reporting_audit_logs to ROLE steward;

Note Users will still need to have ALL access on some datasets to actually see reports for those datasets.

User Permissions Lookup

If you have ALL access on a particular object (database or dataset), you have access to its administrative features and are considered an admin for that object.

As an Admin you will also see a user/group input box on the Permissions page next to database and dataset. Here you can input any username or group name to understand their access on an object.

Note: if the user and group name are the same, the permissions lookup will default to looking up the user.

Okera Admin Permissions page

Depending on if that user has access or not to the specified object, you will see this information:

Access Summary
Gives a quick summary on if that has user access or not, what level of access, to what data, and if they have the ability to grant or not for that object. To understand the privilege levels please see Privileges.

Dataset Details Tab
Shows the dataset details, as well as the schema as that particular user would see it.

Groups Tab
If the user has access, this tab shows the list of groups responsible for that user’s access to the specified database or dataset.

Database Tab
Shows that user’s access to the specified database. If the user only has access to specific datasets inside that database, it will show you a list of these.

Clicking on one of these datasets then shows the list of groups responsible for access to that specified database or dataset.

Permissions Tab
Shows the full list of groups that have access to the specified database or dataset. Any group not in the available list has no access to the specified database or dataset.

Attribute Expressions
In any detail section for groups providing access, if some attributes are granting access per Attribute Based Access Control, you will see those expressions listed alongside the role specified in the grant:

Okera Attribute Permissions