You can create “Organizational Units” (OU) and “Customer Units” (CU) in the LDAP directory. For a new project, before creating a user (CU), it is recommended to create an OU.
OUs allow for the logical grouping and organization of users within the LDAP directory. Each OU typically represents a specific category, department, or project.
Log in to the LDAP directory with your credentials. On the phpLDAPadmin default dashboard page, locate the domain components in the left corner and click on the "+" icon. Now, select "Create new entry here".
Choose "Generic: Organizational Unit" as the template for creating the object.
“Create Object” refers to the process of creating a new object, that is, an organizational unit or a user account. “Create Entry” refers to establishing a new entry in the LDAP directory that represents the created object.
In the main pane, provide the name of the organizational unit, typically representing the entire project.
For example, if a project were named Wasatch Ski, the OU name should be “tathya-wasatch-ski”.
Click on the "Create Object" button and confirm the creation of the entry by clicking on "Commit".
You have now successfully created an OU that represents the specific project.
In the LDAP directory, navigate to the newly created Organizational Unit ("tathya-wasatch-ski" in our example). Below the OU, click on “Create new entry here” to add a user.
In the main pane, click on "Create a child entry" and then select "Generic User Account" as the template for creating the user account.
Input user details such as First and Last Name, Common Name, UserID, Password, UID Number, GID Number, and Login Shell.
First and Last Name: The first and last name of the user who will log in to Tathya.
Common Name: Common Name (CN) is the full name of the user.
A preferred CN would be “firstn.lastn”, and it is recommended to keep all the initials in lowercase. This is the same ID that will be used on Tathya for login.
UserID: UserID is an auto-generated unique identifier for the user. It serves as a key attribute for identifying and distinguishing each user within the LDAP directory.
Password: The Password is a secure string of characters chosen by the user to authenticate and access the LDAP.
This is the same password that will be used on Tathya for login.
GID Number: The GID number defines a search space where administrators or developers can perform LDAP searches specifically targeted to retrieve information related to various accounts.
Two options are displayed: “Users” and “Admin”. When creating user accounts for a project, select the "Users" option.
Login Shell: The Login shell is the shell or program the user interacts with after login. It influences the user's experience after logging in, defining the command-line environment.
We usually choose “Bash” (Bourne Again SHell) as the login shell. If a user's login shell is set to Bash, their interaction with the system after logging in will involve the Bash command-line interface.
Once you enter all the details, click on the "Create Object" button and confirm the creation of the entry by clicking on "Commit".
You have now successfully created a user in the LDAP directory. These user credentials can be used on Tathya for an automated login.
To add additional users under an OU, follow the same steps and create a child entry for each new user.
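The OU and user entry created through the phpLDAPadmin steps above can also be written as LDIF. The Python code below is an added example, not part of the Tathya documentation or tooling: it enforces the “tathya-<project>” and lowercase “firstn.lastn” conventions, rejects characters that could alter the DN or inject extra LDIF lines, and stores the password as a salted hash. The base DN, the gidNumber for "Users", the home directory path, the object classes, the sample uid and the {SSHA} scheme are assumptions to adjust for your directory.

```python
import base64, hashlib, os, re

BASE_DN = "dc=example,dc=com"   # assumption: replace with your directory's base DN
USERS_GID = 500                 # assumption: gidNumber behind the "Users" option

def ssha(password, salt=None):
    """{SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ou_name(project):
    """'Wasatch Ski' -> 'tathya-wasatch-ski' (the naming convention above)."""
    slug = "-".join(project.lower().split())
    if not re.fullmatch(r"[a-z0-9]+(-[a-z0-9]+)*", slug):
        raise ValueError(f"unsafe project name: {project!r}")
    return "tathya-" + slug

def common_name(first, last):
    """Lowercase firstn.lastn CN; rejects DN/LDIF metacharacters (, = + newline)."""
    cn = f"{first}.{last}".lower()
    if not re.fullmatch(r"[a-z]+\.[a-z]+", cn):
        raise ValueError(f"unsafe name: {first!r} {last!r}")
    return cn

def build_ldif(project, first, last, uid, uid_number, password):
    """LDIF for the OU plus one user entry beneath it."""
    if not re.fullmatch(r"[a-z][a-z0-9]*", uid):
        raise ValueError(f"unsafe uid: {uid!r}")
    ou, cn = ou_name(project), common_name(first, last)
    return "\n".join([
        f"dn: ou={ou},{BASE_DN}",
        "objectClass: organizationalUnit",
        f"ou: {ou}",
        "",
        f"dn: cn={cn},ou={ou},{BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"cn: {cn}", f"givenName: {first}", f"sn: {last}", f"uid: {uid}",
        f"uidNumber: {int(uid_number)}", f"gidNumber: {USERS_GID}",
        f"homeDirectory: /home/users/{uid}", "loginShell: /bin/bash",
        f"userPassword: {ssha(password)}",   # stored salted and hashed, never cleartext
        "",
    ])

if __name__ == "__main__":
    # Constructed sample user; review the output before importing it into LDAP.
    print(build_ldif("Wasatch Ski", "Jane", "Doe", "jdoe", 1001, "S3cret-example"))
```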
User permissions in Tathya determine the level of access and actions granted to individual users within the system. These permissions are categorized into various roles, each with specific functionalities and access levels.
Clients have access to multiple predefined dashboards to review their performance on a daily, weekly, or monthly basis. They are granted HotwaxBasicPermission with their specific Dashboard permission to view their designated dashboard but are restricted from editing or creating any dashboards. All data within the dashboard is interlinked, so any discrepancies will be promptly reflected in the dashboard. If a client wishes to make changes to the dashboard, they can communicate with Hotwax Support.
For internal users, we generally provide two types of permissions:
Basic Business Analyst Permission: Grants access to create their own charts and dashboards and to view any existing ones. However, users with this permission do not have default access to the SQL lab, cannot view any draft dashboards or charts, and cannot edit other owners' charts. If we add SQL permission to the Basic Business Analyst permission, users gain access to the SQL lab, which allows them to save queries and view query history.
SuperBusinessAnalyst Permission: Grants access to more advanced users familiar with dashboard reporting. Users with this permission can access the SQL lab by default but cannot edit dashboards or reports owned by others without explicit permission. If they wish to edit another user's chart, they must request the admin or creator to include them in the owners' section of the chart/dashboard.
Note: SuperBusinessAnalyst users can request Admin Permission, which grants them access to all permissions except for creating and managing users and their roles. This permission allows them to edit dashboards or reports owned by others.
Admin users in Tathya hold the highest level of access, responsible for system management and administration. Admin users have all the SuperBusinessAnalyst permissions along with access to view and edit charts owned by others. Furthermore, they have authority over various aspects, including managing user registrations, handling access requests, and organizing data through tagging for efficient categorization. Additionally, admins oversee role management, which involves editing, deleting, adding, and listing dashboards, charts, and reports of other users and their draft dashboards.
Access to Dashboard Menu | YES | YES | YES | YES | YES
Access to Draft Dashboards | NO | NO | NO | YES | YES
Create Charts/Dashboards/Reports | NO | YES | YES | YES | YES
Edit Anyone Charts/Dashboards/Reports | NO | NO | NO | YES | YES
SQL Lab Access | NO | NO | YES | YES | YES
Manage User Registration | NO | NO | NO | NO | YES
Manage Roles | NO | NO | NO | NO | YES
Write-only Access to Database | NO | NO | YES | YES | YES
Read-only Access to Database | NO | YES | YES | YES | YES
With roles set up to manage access to dashboards and charts, the next step is to create user profiles and assign the appropriate roles.
Skip this step if the user is already listed on Tathya.
To initiate this process, it is essential to first “list” the user on the Tathya platform.
User access to Tathya requires prior registration on LDAP (Lightweight Directory Access Protocol).
LDAP serves as a centralized user management platform that ensures authentication across various systems. The LDAP integration allows for a single sign-on (SSO) experience, where a registered user can use their LDAP credentials to access multiple systems, including NiFi and Tathya.
Once the access is granted, the user is automatically listed in Tathya and by default gets assigned a “public” role.
The user's account is not yet fully configured. The auto-assigned public role does not give the required access to view charts or dashboards. To grant access, you have to assign the necessary roles and permissions to the user's account.
To complete the setup, proceed by logging into Tathya with your credentials.
Ensure that you have the necessary permissions and administrative privileges to manage users in Tathya.
After logging into Tathya, in the Toolbar, hover your cursor over Settings and locate the "Security" menu. Within the Security section, look for an option like "List Users." This option will take you to the page where you can view, add, and update all the users.
Now, to update the user, locate the newly listed user that you created in the previous step and click on the edit button. You will be redirected to the “Edit user” page. Here, verify and update user details such as First Name, Last Name, Username, Is Active, Email, and Roles.
First Name and Last Name: The "First Name" and "Last Name" fields contain the user's name. These columns provide information about the user's identity so that you can quickly recognize who each user is.
Username: The "Username" is the same LDAP-generated ID that will be used to log into Tathya (firstn.lastn). Ensure that the provided username matches the user's LDAP-generated ID for seamless authentication.
Is Active?: The "Is Active?" field determines whether the user account is currently active or inactive. If set to "True," the user can log in and access Tathya.
Check the "Is Active" field for the user. If it is set to "False," the user account is deactivated, and the user cannot log in. Use this field to manage user access based on their current status within the organization.
Email: The "Email" is the email address associated with each user's account.
Email addresses are crucial for communication and account recovery purposes. They serve as a means of contact and are often used for sending notifications or alerts related to the user's account.
Roles: The "Roles" column indicates the roles assigned to each user. Select the default role “HotwaxBasicPermissionUser” for the user.
The HotWax Basic Permissions role is designed to provide a limited scope of access within Tathya, ensuring focused functionality for users.
Here are key details about this role:
The HotWax Basic Permissions role restricts access to specific areas in Tathya.
Users with the HotWax Basic Permissions role will only have access to the "Dashboard" panel. Users cannot view any charts here unless those charts are assigned to them in the form of a role.
In the "Settings," users with this role will see a limited set of options. The displayed options include user profile details, general information, and the logout function.
This role ensures a high level of security by preventing users from accessing areas beyond the designated dashboard and settings sections.
Finally, add the project-specific roles that you have created, which grant permission to view the project-specific charts from the Dashboard panel. (Check the section “List Roles” for more information.)
Assign roles carefully, considering both default roles and project-specific roles for accurate access permissions.
Once all the fields that are required to add a user have been filled, click on “Save.”
Now, you have successfully listed the new user on Tathya and provided the roles and permissions necessary to manage their project’s charts and dashboards.
The account is now ready to be used by the user.
Regularly review and update user roles as needed, especially when new charts are introduced. This will ensure that the users get access to the latest dashboards that have been created for them.
Learn how to authenticate LDAP user accounts in Tathya, ensuring secure access to the platform using LDAP credentials.
After successfully creating an LDAP user account, log in to Tathya using the generated credentials.
Tathya forwards the authentication request to the LDAP server, which verifies the user's credentials against its directory and responds to Tathya with the authentication status.
If the LDAP authentication is successful, Tathya grants access to the user.