Managing Personas and Permissions
Audience: System Administrators
Content Summary: This document outlines step-by-step instructions for creating users, adding permissions to a user, and removing users' permissions. For more information on user permissions, see the Personas and Permissions Overview.
Additional Tutorials Contents:
- Disable Users
- Permanently Delete Users
- Migrate Users
- Remove Permission from User
- Download Metrics
- Show Disabled Accounts
Use Case
Compliance Requirement: Users can only interact with Dev data.
For this requirement, the User Admin should assign the GOVERNANCE permission to users on the Compliance team. This permission will allow them to create and assign tags that identify Dev, Test, and Prod data and write Global Policies that restrict data access to Dev for users.
Best Practice: Use External and Internal IAM
Use an external IAM for authentication and Immuta's internal IAM to manage attributes.
1 - Create Users
- Click the People icon and select Admin in the left sidebar, and select the Users tab.
- Click the New User button in the top right of the page.
Alternatively,
-
Click the plus button in the top left of the Immuta console.
-
Select the New User icon.
-
Fill out the Full Name and Email fields in the dialog. Note: The user's email address will be used as the username and must be unique.
-
Click the Create button.
2 - Add Permission to User
-
Click the People icon and select Admin in the left sidebar, and select User 1 from the Users tab.
-
Click Add Permissions.
-
Click the Select Permission dropdown, and select the GOVERNANCE permission.
-
Click Close.
Results
Now all Compliance team members have been added to Immuta, and they have the GOVERNANCE permission added in addition to the default permissions to create a project and create a data source in a project.
Additional Tutorials
Disable Users
-
Click the People icon and select Admin in the left sidebar, and then select the Users tab.
-
Select the user you would like to disable, and click the dropdown menu button next to the user's name in the left panel.
-
Select Disable.
-
Click Disable in the confirmation dialog.
Permanently Delete Users
Note: This action permanently deletes all data associated with this user from Immuta, including data source subscriptions, and a timestamp of this event will be captured in the audit logs. The ability to create Governance Reports against this user will no longer be possible. This action cannot be undone.
-
Click the People icon and select Admin in the left sidebar, and then select the Users tab.
-
Select the user you would like to delete, and click the dropdown menu button next to the user's name in the left panel.
-
Select Permanently Delete. Note: To access this function, users must have the
USER_ADMIN
permission. -
Click Permanently Delete User in the confirmation dialog.
-
Type Delete to confirm deleting the user permanently.
-
Click the Confirm Permanent Delete button.
Migrate Users
- Click the People icon and select Admin in the left sidebar, and select the user from the Users tab.
-
Click the dropdown menu to the right of their name and select Migrate User.
-
Enter their username in the modal that appears and click Migrate User.
Remove Permission from User
-
Click the People icon and select Admin in the left sidebar, and select the user from the Users tab.
-
Click the delete icon on the permission you want to remove.
Download Metrics
- Navigate to the Admin page.
- Click the Metrics icon in the top right corner of the page.
- Complete the Number of Days field in the dialog that appears, and then click Download to download the JSON file
Purpose
Collecting Immuta usage metrics from customers helps Immuta gain insight into how customers are using Immuta (not who they are or what their data looks like) to understand what features are heavily used. These metrics guide improvements to the user experience.
What is Collected?
The metrics collected are anonymized data points that provide information on Immuta feature usage but cannot be linked to an individual user or data source. Specifically, Immuta collects what workflows the users are completing and what the users are touching in the UI.
-
Workflows Users are Completing: These workflow metrics (creating policies, data sources, projects, etc.) are aggregates, such as the number of data sources created in a day, not individual events.
-
What Users are Touching: These metrics indicate what users click in Immuta, such as the create a data source button.
Benefits
-
Product Input: Input from customer metrics helps Immuta make product roadmap decisions. Providing your metrics is the best way to provide product feedback directly to Immuta.
-
Improve User Experience: Insights into the activity of different personas (governors, data owners) can be used to improve the Immuta user interface and create meaningful feedback loops.
-
Internal Insights: Gaining insights into your own Immuta use can reveal habit loops or pain points that users experience that may not be obvious. Metrics will enable those to be identified and improved.
-
Prove Value: Quantifying the areas of Immuta that you are using the most is the key to understanding the value that Immuta brings to your organization.
Show Disabled Accounts
Once an account has been disabled, it will not appear in the list of current Immuta users. To show the disabled accounts,
- Navigate to the Admin page.
- Click the dropdown menu in the top right corner of the page and select Include Disabled Accounts.