Organizations can define groups, associate users to groups, and grant permissions to groups for system actions or data set-specific actions.
In some cases the mapping of users to groups is defined by an external system such as Active Directory, LDAP, or another single-sign on system. If not, Koverse provides a built-in method of defining users and groups.
Regardless of how users and groups are managed, Koverse will manage the permissions granted to groups for Koverse-specific system actions and for access to data sets.
The permissions dashboard can be accessed by selecting your dataset of choice, clicking "Settings" in the top right, then selecting "Permissions". You can add permissions by selecting "Add Permission" in the top right of the permissions dashboard.
At the prompt, select which groups and actions you would like to grant.
You can also delete permissions by selecting the trash-can icon to the right of the permission rule.
Making a Data Set Private
A newly created data set is controlled by the user who created it, known as the ‘responsible user’. By default this user is the only user that can see that this data set exists, and this user can perform all actions on the data set.
To ensure that a data set is private and accessible only by the responsible user, remove all groups from the list on the data sets Permissions tab. Do this by clicking the trash can icon column in the permissions list for all groups
Making a Data Set Available to a Limited Group of Users
To grant specific access to a limited group of users, first add the group that you wish to allow access to by typing in the name of the group in the input box labeled ‘Search for Group’, if the group does not already appear in the permissions list.
Even though the group is now added to the permissions list, the users that belong to this will only be able to know of its existence until specific actions are granted. Select the specific actions to grant to this group from the list, which includes:
- Read: This allows members of the group to query this data set.
- Write: Members of the group can import new data to this data set and can delete existing data.
- Manage: Members of the group can grant permissions to other groups, can change the name, indexing options, and other settings for this data set.