Document toolboxDocument toolbox

Privileges

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)


Privileges enable the Administrator to grant granular and specific privileges for different activities to different users.

Additionally, the administrator can assign privileges for admin activities like:

  • User management (users, groups, roles, import LDAP users) 

  • Connection  

  • License management 

  • Resource allocation 

  • Cluster Scheduling 

  • Cluster Usage monitoring 

  • Monitor different processes, process jobs, and queries 

  • Notifications Subscription 

When you are viewing or editing a role, click the Expand All icon at the top of the Roles window to view all of the privileges. Or, you can expand a single section.

Hover the cursor over an option within a category to view details about that option.  For example, under the semantic models section, you can hover the cursor over Manage Jobs to learn what that privilege allows a user to do. Most are self-explanatory, but a few need further explanation.

  • Execute means you can use that type of object (dataset, semantic model, etc.) as the input object for a step but not view it directly or modify it. For example, you can use the a semantic model to create a workbook, but you can't view the semantic model or modify it.

  • Notification privileges let you specify by a group who can provide inputs for global events and who can subscribe other users to specific types of notifications. If a user is a member of a group with specific notification privileges set, they will receive those notifications without having to subscribe themselves or having someone subscribe to each individual. They have the option to unsubscribe themselves.

  • SQL Impersonation is required for impersonation from Tableau via the SQL interface. If you are not using the data with Tableau, this privilege isn't needed.

When you click some privileges, others are automatically granted. For example, when you click Modify under semantic models, View is automatically also granted. 

The following table enlists the details of all the privileges available in the system.

Privilege group

Privilege

Description

User Management

View

Allows the user to view user configuration information.

Modify

Allows the user to modify user configuration information.

Connection Management



View

Allows the user to view connection properties and configurations

Modify

Allows the user to modify connection properties and configurations

License Management

View

Allows the user to view the license.

Upload

Allows the user to upload a license.

Resource Allocation

View

Allows the user to allocate resources.

Modify

Allows the user to modify resource allocations.

Import and Export Objects

Import objects

Allows the user to import the system entities.

Export objects

Allows the user to export the system entities.

Monitor

View overview

Allows the user to view the overall health of the system

View jobs and queries

Allows the user to view the running jobs and queries.

Cancel jobs and queries

Allows the user to cancel running jobs and queries.

View the active users' list

Allows the user to check currently logged-in users.

View Kyvos engine state

Allows the user to view the current state of the Kyvos engine.

View audit logs

Allows the user to monitor user and system activities.

Files

View

Allows the user to view the files.

Modify

Allows the user to modify the files.

Add folder

Allows the user to add a folder for files.

Manage jobs

Allows the user to schedule data profiling jobs for the files.

Share

Allows the user to grant access permissions on files.

Execute

Allows the user to use the files in transformations or relationships.

Transformations

View

Allows the user to view the transformations. 

Modify

Allows the user to modify the transformations.

Add folder

Allows the user to add a folder for transformations.

Manage jobs

Allows the user to schedule different jobs for the transformations.

Share

Allows the user to grant access permissions on transformations.

Execute

Allows the user to use the datasets in relationships.

Relationships

View

Allows the user to view relationships.

Modify

Allows the user to modify relationships.

Add folder

Allows the user to add a folder for relationships.

Share

Allows the user to grant access permissions on relationships.

Execute

Allows the user to use relationships in semantic models.

Semantic models

View

Allows the user to view semantic models.

Modify

Allows the user to modify semantic models.

Add folder

Allows the user to add folder semantic models.

Manage jobs

Allows the user to schedule jobs for semantic models.

Data security

Allows the user to set data security rules for users and groups.

Cache rules

Allows the user to set rules for controlling cache repopulation.

Export semantic model metadata

Allows the users to export semantic model metadata.

Drill through

Allows the user to view the drill-through reports.

Share

Allows the user to grant access permissions on semantic models.

Execute

Allows the user to use the semantic models in worksheets.

Advanced System Properties**

Allows non-admin users to use application-level advanced properties that require admin access.

Workbooks

View

Allows the user to view workbooks.

Modify

Allows the user to modify workbooks.

Add folder

Allows the user to add a folder for workbooks.

Share

Allows the user to grant access permissions on workbooks.

Export

Allows the user to export workbooks/worksheets.

Notifications

Admin

Allows the user to manage notifications.

System events

Allows the user to get the notification for system events.

Entity modify

Allows the user to get a notification when an entity is modified.

Semantic model process start

Allows the user to get a notification when a semantic model process starts.

Semantic model process failure

Allows the user to get a notification when a semantic model process fails.

Semantic model processsuccess

Allows the user to get a notification when a semantic model process succeeds.

Transformation process start

Allows the user to get a notification when a transformation process starts.

Transformation process failure

Allows the user to get a notification when a transformation process fails.

Transformation process  success

Allows the user to get a notification when a transformation process succeeds.

SQL impersonation



Allows user impersonation while using Tableau's initial SQL feature.

Note

**The Advance System Properties privilege allows users to modify the following admin access properties: 

  • kyvos.cuboid.replication.type

  • kyvos.query.cuboidcache.strategy

  • kyvos.query.resultcache.strategy

  • kyvos.query.cuboidcache.compression

  • kyvos.query.dfsread.retryonerror.count

  • kyvos.query.dfsread.verifychecksum

  • kyvos.query.resultcache.lookup.strategy

  • kyvos.cuboid.replication.factor

  • Kyvos.query.cuboidcache.tier


Related topics

Copyright Kyvos, Inc. All rights reserved.