Access Management Overview
A brief guide to Access Management related topics in Koverse
Dataset Security and Access Control
Koverse provides fine-grained access control to datasets and even individual records and attributes within datasets.
Organizations can define groups, associate users to groups, and grant permissions to groups for system actions or dataset-specific actions.
In some cases the mapping of users to groups is defined by an external system such as Active Directory, LDAP, or another single sign-on system. If not, Koverse provides a built-in method of defining users and groups.
Regardless of how users and groups are managed, Koverse will manage the permissions granted to groups for Koverse-specific system actions and for access to datasets.
In this section we cover how to manage attributes, users, and groups.
Attributes
Koverse allows dataset owners to filter or ‘hide’ specific attributes within a dataset so that their values aren’t visible in search results. This allows organizations to protect sensitive values, such as PII (personally identifiable information), in order to comply with their own data protection policy as well as regulatory policies such as HIPAA and GDPR.
Please Note:
Creating an attribute is a two-step process that is paired with the ABAC (Attribute Based Access Control) Label parser step when uploading data. Assigned attributes must match ABAC labels to work properly.
To create an attribute, go to Workspace Settings and click Attributes. From there you can add an attribute that matches your already defined ABAC label(s).
You can configure the attribute name and the attribute token, and optionally assign users to the attribute. You can also add a description to the attribute for internal tracking purposes.
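As an added example (not Koverse code), the following Python check compares the ABAC labels found on records with the attribute tokens that have been defined, and reports labels that have no matching token or only nearly match one. It assumes that a match means an exact string comparison and that each record carries its label in a hypothetical `label` field; the sample records and tokens are constructed.

```python
from collections import Counter

# Constructed sample data: labels as an ABAC label parsing step might emit them
# (the "label" field name is hypothetical), and tokens defined under Attributes.
SAMPLE_RECORDS = [
    {"id": 1, "label": "PII"},
    {"id": 2, "label": "PII"},
    {"id": 3, "label": "pii "},      # case and trailing-space drift
    {"id": 4, "label": "FINANCE"},   # no attribute defined for it
    {"id": 5, "label": "HR"},
]
SAMPLE_TOKENS = ["PII", "HR", "LEGAL"]


def audit_labels(records, attribute_tokens):
    """Compare record labels with attribute tokens (exact match is an assumption)."""
    tokens = set(attribute_tokens)
    counts = Counter(r["label"] for r in records)
    # Normalised token -> real token, to recognise labels that almost match.
    normalised = {t.strip().lower(): t for t in tokens}
    report = {"matched": {}, "near_miss": {}, "unmatched": {}}
    for label, n in counts.items():
        key = label.strip().lower()
        if label in tokens:
            report["matched"][label] = n
        elif key in normalised:
            report["near_miss"][label] = normalised[key]
        else:
            report["unmatched"][label] = n
    # Tokens that appear on no record in this sample.
    report["unused_tokens"] = sorted(tokens - set(counts))
    return report


if __name__ == "__main__":
    for section, value in audit_labels(SAMPLE_RECORDS, SAMPLE_TOKENS).items():
        print(f"{section}: {value}")
```

Entries under `near_miss` and `unmatched` are the ones to resolve before relying on an attribute to restrict visibility.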
Users and Groups
Koverse provides administrators and data owners fine-grained control over what actions users of the system can perform and what data they can see. Koverse maintains several types of permissions to enable this functionality. These are broken into two roles: Admin and Member.
For instance, a permission can determine whether a given user is allowed to create new Datasets. Dataset Permissions control what data is visible to which Users and what actions Users can perform with respect to a specific Dataset (such as read/write).
Finally, Application Permissions control who can use both the built-in and custom Applications loaded in Koverse. All of these permissions are controlled at the Group level. Users inherit the permissions that have been given to the groups they belong to.
Admin Permissions allow the user system-level access across the Koverse platform, while a user with ‘Member’ access must be granted certain privileges or permissions by an Admin user.
Most User and Group management in Koverse is done through the Application. In addition to having the Manage Users & Groups Permission, a User would also need permission to use the System Administration Application.
Users with the Admin role are able to:
- View all Groups and Group membership (both Koverse and External)
- Create new Koverse Groups (externally defined Groups are automatically created)
- Modify Koverse Groups
- Delete Koverse Groups
- View all Users
- Create new Users
- Modify Users
- Delete Users