Version:

Table Of Contents

  1. Docs
  2. Installation & Configuration
  3. Administration
  4. Kinetica Administration Application (GAdmin)
  5. Security (User/Role Management)

Security (User/Role Management)

All of your user and role management can be completed using GAdmin.

Users

The Users page lists the users in the system, whether they're internal or externally authenticated, and a brief window into their access rights.

../_images/security_users.png

Creating Users

When Kinetica has been configured to authenticate and/or authorize users, user accounts can be created to allow access based on specific needs. See Security Configuration for details on different use cases.

../_images/security_users_create.png

To create a new account:

  1. Log into GAdmin with an system admin account.

  2. From the Security menu, click Users.

  3. Click Create under Users on the left-hand menu or New above the user list.

  4. Select the type of Authentication. It's important to note that External users are authenticated using an LDAP server (or Microsoft Active Directory, etc.), so the username has to be duplicated in Kinetica but with an @ prepended, e.g., @user1. More information on the authentication types can be found on Security Concepts.

  5. Type the username into the User field and the password into the Password field (passwords are required for Internal users only) meeting the password strength requirements listed.

  6. Type the password again in the Confirm Password field.

  7. Add or remove selected roles as necessary in the Member of Roles section:

    • Add: Click a role in the Available Roles list and then click Add >>.
    • Remove: Click a role in the Selected Roles list and then click << Remove.

  8. Select a system-level permission as necessary from the System Level Permission drop-down menu.

  9. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.

    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.

    table-level-permissions

  10. Click Create.

Editing User Permissions

Existing users can have their permissions updated. To edit a user's permissions:

  1. Log into GAdmin with an system admin account.
  2. From the Security menu, click Users.
  3. From the list of users, select a user to edit and click Edit.
  4. Add or remove selected roles as necessary in the Member of Roles section:
    • Add: Click a role in the Available Roles list and then click Add >>.
    • Remove: Click a role in the Selected Roles list and then click << Remove.
  5. Update the user's system level permission by selecting a new option from the System Level Permission drop-down menu.
  6. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows the user to delete, insert, read, and update the table.
    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.
  7. Click Save.

Changing Passwords

An administrator can change a user's password, if the need arises.

../_images/security_users_changepass.png

To change a users's password:

  1. Log into GAdmin with an system admin account.
  2. From the Security menu, click Users.
  3. From the list of users, select a user whose password will be changed and click Change Password.
  4. Type the password into the New Password field, meeting the password strength requirements listed.
  5. Type the password again in the Confirm Password field.
  6. Click Save.

Deleting Users

An administrator can also delete a user from the database. This will not remove any database objects created by the user (collections, tables, groups, etc.), nor will it remove the user from any external user store (LDAP, etc.).

To delete a user:

  1. Log into GAdmin with an system admin account.
  2. From the Security menu, click Users.
  3. From the list of users, select a user to delete and click Delete.
  4. At the Delete User prompt, click Remove.

Roles

The Roles page lists the roles in the system, the role memberships (both containing & contained), and a brief window into their permissions.

../_images/security_roles.png

Creating Roles

When Kinetica has been configured to authenticate and/or authorize users, user accounts can be created to allow access based on specific needs. See Security Configuration for details on different use cases.

../_images/security_roles_create.png

To create a new role:

  1. Log into Kinetica with an system admin account.

  2. From the Security menu, click Roles.

  3. Click Create under Roles on the left-hand menu or New above the role list.

  4. Type a name for the role into the Role field.

  5. Select a system-level permission as necessary from the System Level Permission drop-down menu.

  6. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.

    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.

    table-level-permissions

  7. In the Members section, add members (users and/or roles) to a role:

    • Add: Click a role in the Available list and then click Add >>.
    • Remove: Click a role in the Selected list and then click << Remove.

  8. Click Create.

Editing Roles

Existing roles can have their permissions updated. To edit a role's permissions:

  1. Log into GAdmin with an system admin account.
  2. From the Security menu, click Roles.
  3. From the list of roles, select a role to edit and click Edit.
  4. Select a system-level permission as necessary from the System Level Permission drop-down menu.
  5. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.
    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.
  6. In the Members section, add members (users and/or roles) to a role:
    • Add: Click a role in the Available list and then click Add >>.
    • Remove: Click a role in the Selected list and then click << Remove.
  7. Click Save.

Deleting Roles

An administrator can also delete a role from the database. This disassociates the role from any users or other roles that are currently associated with it. Roles in any associated external user stores (LDAP, etc.) will be unaffected.

To delete a role:

  1. Log into GAdmin with an system admin account.
  2. From the Security menu, click Roles.
  3. From the list of roles, select a role to delete and click Delete.
  4. At the Delete Role prompt, click Remove.
© Copyright 2016, Kinetica. Created using Sphinx.