Managing Data Access

Describes data access management and how to grant members access to data.

HPE Ezmeral Unified Analytics Software administrators have unrestricted access to all data sources and underlying schemas, tables, views, and buckets. Admins can grant public access to a data source or they can grant members access to specific schemas, tables, views, or buckets in a data source.

Public access grants all members read and write access to all data in a data source. Alternatively, admins can grant members read, write, or read & write access to specific schemas, tables, views, or buckets in a data source.

TIP

Members should contact their HPE Ezmeral Unified Analytics Software admin to request access.
Any access granted can also be revoked by an HPE Ezmeral Unified Analytics Software admin.
If an admin deletes a member in HPE Ezmeral Unified Analytics Software, the member's access to data is also deleted.
The system transparently enforces data access policies across all applications and clients.

The following sections provide the steps for granting and revoking data access.

Granting Public Access to a Data Source

HPE Ezmeral Unified Analytics Software administrators can make a data source publicly accessible. When an admin makes a data source publicly accessible, all members have full access (read and write) permissions on the data source and the data within it.

To make a data source publicly accessible, complete the following steps:

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Data Engineering > Data Sources.
Select the Structured Data or Object Store Data tab.
In the data source tile, click the three-dots.
Select Change to public access.
In the Data Access dialog, click Proceed or Cancel. If you choose to proceed, the system displays the message:
Access changed for the data source: <data-source-name>

Revoking Public Access to a Data Source

HPE Ezmeral Unified Analytics Software administrators can revoke public access to a data source. Revoking public access to a data source makes the data in the data source totally inaccessible to all members. Only admins can access the data in the data source.

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Data Engineering > Data Sources.
Select the Structured Data or Object Store Data tab.
In the data source tile, click the three-dots.
Select Change to private access.
In the Data Access dialog, click Proceed or Cancel. If you choose to proceed, the system displays the message:
Access changed for the data source: <data-source-name>

Granting a Member Access to Data

HPE Ezmeral Unified Analytics Software administrators can grant a member access to one or more tables, views, or buckets in a schema.

To grant a member access to data, complete the following steps:

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Administration > Identity & Access Management.
On the Identity and Access Management screen, locate the user.
In the Actions column of the user row, click the three-dots and select Manage Privileges.
On the Manage Privileges screen, select the Structured Data or Object Store Data tab, depending on the type of data that you want to grant the user access to.
Expand a data source and select a schema.
In the Datasets area, select the tables, views, or buckets that you want to grant the user access to. You can grant Read, Write or Read & Write access.
- To grant a user access to a single table, view, or bucket, use the Access Type column dropdown in the row of the table, view, or bucket.
- To grant a user access to multiple tables, views, or buckets, use the Bulk Access dropdown and select the access that you want to grant the user on the selected tables, views, or buckets.
Click Update Privilege. The system displays the message:
Updated privileges for the user: <user-name>

Granting Group Access to Data

HPE Ezmeral Unified Analytics Software administrators can simultaneously grant a group of users access to one or more tables, views, or buckets in a schema.

To grant group access to data, complete the following steps:

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Administration > Identity & Access Management.
On the Identity and Access Management screen, choose one or more member users by selecting their checkboxes.
NOTE
You cannot select the current session user. For example, if you are signed in as admin, you cannot select admin.
Click Add Privileges.
On the Add Privileges screen, select the Structured Data or Object Store Data tab, depending on the type of data that you want to grant users access to.
Expand a data source and select a schema.
In the Datasets area, select the tables, views, or buckets that you want to grant the user access to. You can grant Read, Write or Read & Write access.
NOTE
- New access privileges are added to the privileges a user already has; they do not replace the previous access privileges. For example, if user1 previously had Read access and you grant user1 Write access, user1 now has Read & Write access to the data.
- To grant users access to a single table, view, or bucket, use the Access Type column dropdown in the row of the table, view, or bucket.
- To grant users access to multiple tables, views, or buckets, use the Bulk Access dropdown and select the access that you want to grant the user on the selected tables, views, or buckets.
Click Update privilege.

Revoking Member Access to Data

HPE Ezmeral Unified Analytics Software administrators can revoke a member's access to schemas, tables, views, and buckets. Revoking access makes the data inaccessible to the member.

Administrators can use the Manage Privileges screen to revoke access to one or more data sources and their schemas, tables, views, and buckets. To revoke all access to a specific data source for members, use the Remove Privileges option.

NOTE

You can use the Remove Privileges option only for private data sources.

To revoke member access to data, complete the following steps:

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Administration > Identity & Access Management.
On the Identity and Access Management screen, locate the user.
In the Actions column of the user row, click the three-dots and select Manage Privileges.
On the Manage Privileges screen, select the Structured Data or Object Store Data tab, depending on the type of data that you want to revoke access to.
Expand the data source and select the schema that contains the data you want to revoke access to.
In the Datasets area, select the tables, views, or buckets that you want to revoke access to.
- If you are only revoking access to one table, view, or bucket, select No Access in the Access Type column for the table, view, or bucket.
- If you are revoking access to multiple tables, views, or buckets, select the tables, views, or buckets and then use the Bulk Access dropdown (to the right of the Search field) and select No Access.
Click Update Privilege. The system displays the message:
Updated privileges for the user: <user-name>

To revoke all access to a specific data source for members, complete the following steps:

Sign in to HPE Ezmeral Unified Analytics Software.
In the left navigation bar, select Data Engineering > Data Sources.
Select the Structured Data or Object Store Data tab.
In the data source tile, click the three-dots.
Select View Details.
On the View Details screen, locate the user whose access to the data source you want to revoke.
Click Remove Privileges (delete icon).

Access Indicator Labels

When users (admins and members) sign in to HPE Ezmeral Unified Analytics Software and go to Data Engineering > Data Sources, they see tiles for all of the connected data sources on the Data Sources screen. The tiles have icons and labels that indicate whether a data source is accessible or not.

The following sections describe the access indicators that admins and members see on data source tiles.

Admins

Admins have full access to all data sources regardless of the icon displayed. The icon that an admin sees in the tile indicates whether a data source is publicly accessible or not. If an admin makes a data source publicly accessible (read and write access for all members), the data source tile displays a globe icon next to the data source name, indicating global access.

Otherwise, a locked padlock icon displays.

The locked padlock indicates that an admin must grant members access to the data source. All admins have access to the data source.

Members

When members do not have access to a data source, the data source tile shows a locked padlock icon and says Cannot access this data source.

Any attempts to access the data results in an access denied error.

When members have access to a data source, the padlock icon in the data source tile is unlocked and the tile displays the Query using Data Catalog link.

HPE Ezmeral Unified Analytics Software 1.5 Documentation
Abstract	HPE Ezmeral Unified Analytics Software is a usage-based Software-as-a-Service (SaaS) model that operationalizes hybrid and multi-cloud modern analytical workloads through a simple user interface, easily installed and deployed in minutes. HPE Ezmeral Unified Analytics Software separates compute and storage for flexible, cost-efficient scalability to securely access data stored in multiple data platforms, enabling you to run traditional and advanced analytics workloads with open-source tools.
Published	November 2024
Edition	1.5.0