Users, Teams & Permissions
- To create new Users and/or Teams in a particular Data Service User Admin or Super Admin permission are required for that Data Service.
- An email address is required when adding a user to the Ascend environment.
- Ascend uses Azure AD, Google and Okta to authenticate users for login. Before first-time login, all user accounts must be configured in either Azure AD, Google or Okta.
Permissions in Ascend
There are 5 available permissions within Ascend:
- Member: Allows a user to access the Data Service, but not any Dataflow.
- Read Only: Allows a user to access the Data Service and see all data Dataflows, but not make any changes.
- Data Admin: Allows a user to access the Data Service, see all the data Dataflows and make any changes.
- User Admin: Allows a user to manage users, teams and permissions within the Data Service and the Dataflows.
- Super Admin: Allows the user both Data Admin and User Admin permissions.
- A user can have one or more of the above permissions
- A user will have Super Admin permission for the Dataflow he/she created, regardless of their permissions for that particular Data Service
- Ascend uses a whitelist instead of a blacklist. For example, if User1 is part of the Data Engineer team that has the Data Admin permission, but also User1 is Super Admin for Dataflow A, then User1 will have all permissions for Dataflow A regardless of them being in the Data Engineer team.
Create users/teams and assign permissions
Invite New Users & Assign Permissions
Create new users on Ascend by inviting them to log in.
- Select data service settings in the data service that you are inviting users to.
- Click "Members" and then "Invite New Members"
- Enter the user's email address, display name and assign one of the available permissions. Click the INVITE button. The user will shortly receive an email with a link that will take them directly into the Ascend environment. Once invited, they are automatically added to the system. They do not need to accept the invite to activate the user account.
Create New Team & Assign Permissions
The default team in Ascend is Everyone. All users will be added to the Everyone team by default.
There are 3 steps to create a new team:
- Go to the Teams tab on the top bar.
Click the ADD A NEW TEAM button.
Give your new team a name, add one or more users, and assign one of the available permissions. Click the ADD button when ready. In this example, we created a Data Engineers team.
Best Practices for managing users, teams and permissions
- Bulk changing of permissions: Assign permissions to teams first, then add users to the teams, instead of assigning permissions directly to users. This allows quicker and easier changing of permissions for a group of users versus individually.
- Maintain a team with Read Only permission for production Dataflows. This allows anyone who only needs read access to production Dataflows to be added to the Read Only team to prevent inadvertent changes to the Dataflow.
Updated over 2 years ago