Version:

Security (User/Role Management)

All of your user and role management can be completed using GAdmin.

Important

The Security section is only available to users with the System Admin permission.

Users

The Users page lists the users in the system, whether they're internal or externally authenticated, and a brief window into their access rights.

../_images/security_users.png

Creating Users

When Kinetica has been configured to authenticate and/or authorize users, user accounts can be created to allow access based on specific needs. See Security Configuration for details on different use cases.

../_images/security_users_create.png

To create a new account:

  1. From Security ‣ Users, click Create under Users on the left-hand menu or New above the user list.

  2. Select the type of Authentication. More information on the authentication types can be found on Security Concepts.

  3. Type the username into the User field and the password into the Password field meeting the password strength requirements listed. Additional requirement details can be found on Security Concepts

    Important

    Passwords are required for Internal users only

  4. Type the password again in the Confirm Password field.

  5. Add or remove selected roles as necessary in the Member of Roles section:

    • Add: Click a role in the Available Roles list and then click Add >>.
    • Remove: Click a role in the Selected Roles list and then click << Remove.
  6. Select a system-level permission as necessary from the System Level Permission drop-down menu.

  7. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.

    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.

    table-level-permissions

  8. Select a Resource Group from the drop-down menu. Consult Resource for more information on configuring resource groups in GAdmin.

  9. Click Create.

Editing User Permissions

Existing users can have their permissions updated. To edit a user's permissions:

  1. From Security ‣ Users, select a user to edit and click Edit.
  2. Add or remove selected roles as necessary in the Member of Roles section:
    • Add: Click a role in the Available Roles list and then click Add >>.
    • Remove: Click a role in the Selected Roles list and then click << Remove.
  3. Update the user's system level permission by selecting a new option from the System Level Permission drop-down menu.
  4. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows the user to delete, insert, read, and update the table.
    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.
  5. Click Save.

Changing Passwords

Existing users can have their passwords changed by an System Admin users. To change a users's password:

  1. From Security ‣ Users, select a user whose password will be changed and click Change Password
  2. Type the password into the New Password field, meeting the password strength requirements listed. Additional requirement details can be found on Security Concepts
  3. Type the password again in the Confirm Password field
  4. Click Save.
../_images/security_users_changepass.png

Deleting Users

An administrator can also delete a user from the database. This will not remove any database objects created by the user (collections, tables, groups, etc.), nor will it remove the user from any external user store (LDAP, etc.).

To delete a user:

  1. From Security ‣ Users, select a user to delete and click Delete.
  2. At the Delete User prompt, click Remove.

Roles

The Roles page lists the roles in the system, the role memberships (both containing & contained), and a brief window into their permissions.

../_images/security_roles.png

Creating Roles

When Kinetica has been configured to authenticate and/or authorize users, user accounts can be created to allow access based on specific needs. See Security Configuration for details on different use cases.

../_images/security_roles_create.png

To create a new role:

  1. From Security ‣ Roles, click Create under Roles on the left-hand menu or New above the role list.

  2. Type a name for the role into the Role field. Additional requirement details can be found on Security Concepts

  3. Select a system-level permission as necessary from the System Level Permission drop-down menu.

  4. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.

    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.

    table-level-permissions

  5. In the Members section, add members (users and/or roles) to a role:

    • Add: Click a role in the Available list and then click Add >>.
    • Remove: Click a role in the Selected list and then click << Remove.
  6. Click Create.

Editing Roles

Existing roles can have their permissions updated. To edit a role's permissions:

  1. From Security ‣ Roles, select a role to edit and click Edit.
  2. Select a system-level permission as necessary from the System Level Permission drop-down menu.
  3. From the Table Level Permissions section, access to individual database tables & views can be managed. The permission-to-table association will be displayed below the selection boxes, and the Effective Permissions table will be updated accordingly. Note that the Table Admin permission allows a user to delete, insert, read, and update the table.
    • Add: Select a table in the left list and a permission in the right list, and then click Add.
    • Remove: Select an existing table-permission association in the list of active permissions and click Remove.
  4. In the Members section, add members (users and/or roles) to a role:
    • Add: Click a role in the Available list and then click Add >>.
    • Remove: Click a role in the Selected list and then click << Remove.
  5. Click Save.

Deleting Roles

An administrator can also delete a role from the database. This disassociates the role from any users or other roles that are currently associated with it. Roles in any associated external user stores (LDAP, etc.) will be unaffected.

To delete a role:

  1. From Security ‣ Roles, select a role to delete and click Delete.
  2. At the Delete Role prompt, click Remove.