Skip to content

Users, Groups, Roles

Access Manager: Users/Groups/Roles is for managing data access users, groups, and roles. Data access users are users of data stored in data repositories.  (Data access users are not the same as portal users. Portal users are sets of identity credentials that can use the PrivaceraCloud portal. Portal Users are managed in Settings: User Management.)

User Interface#

Users (tab)#

Data access users are identified in the creation and definition of Resource Policies.  Users can be included or excluded specifically or in groups for allowed or denied access 

  • User Source value reflects the method of their creation or import (source).

    • Internal users were created within your PrivaceraCloud account. Users: admin, rangerusersync, keyadmin, rangertagsync, and {OWNER}'  are automatically created on account creation. Additional Internal users can also be created in this dialog using the   +Add  button dialog.

    • External users can be:

      • A data access user with the same username as the first 'Administrator'/ Portal user.

      • A service user; A service user is automatically created by PrivaceraCloud for each created data resource service and are named for the service (e.g. hive, s3, ...); Service names are reserved names and can not be used when creating a new non-service user. 

      • Users imported via User Sync with an LDAP or Active Directory. 
        See Data Access User Sync ("User Sync") with AD/LDAP for information on importing users.

  • Visibility indicates if a user is listed or available when creating or editing a Policy in Access Manager: Resource Policies. If a user is Visible, the user can be found and selected under "Select User".  If a user is Hidden, they will not be selectable. This is useful when your account has been synchronized with a user directory with a large number of users. Visibility can be set by selecting a user object row (on the left side of the table, and using the Visibility action (between +Add and Delete).

  • User Role applies to individual data access users and is one of {'User, Admin, 'Auditor, or KeyAdmin'}.  

Use the Search control to limit displayed objects those matching a specific value.  First select a column name, then a value. The table will be filtered to show only to those objects that match the value. 

User objects can be added, edited, or deleted. 

Groups (tab)#

Groups associate Users together.  Users can be members of more than one group. Similar to User objects, Groups are identified in the creation and definition of Resource Policies.  Groups may be included or excluded specifically or in association with other groups for allowed or denied access 

As with Users, Groups can be added, deleted, or edited;  User Source is assigned Internal and External as with Users;  visibility can be assigned or removed with similar actions. 

The Search bar works in the same way as the search bar in the User tab. 

Roles (tab)#

Roles created under this Roles tab are custom user defined roles used to associate of Users, Groups, and other Roles, for use when defining Data Access policies. Note that these custom Roles are differ from data access user imported roles and portal user roles.

Click  +Add New Role to create a new custom Role. Name the Role and add an optional description. Add Users, Groups, or other custom Roles to this new custom Role. At least one User, Group, or custom Role must be selected. The user interface here provides selection boxes each for Users, Groups, and Roles. Use the dropdown to select one or more of each. Once these are selected, Click Add User, Add Group, or Add Rule, respectively. That will add the selected User(s), Group(s), or Role(s) to a table below each selection box.

Optionally, in the table under the column "Is Role Admin", set one or more of an existing User, Group, or Role, to be a Role administrator. 


Last update: August 19, 2021