Skip to main content

Access Manager

The Access Manager component in Timbr is where users can create users, roles and policies in the platform. Users can define roles and policies based on projects, business functions, and data assets, with granular permissions to support any type of access. Admins can assign unique permissions to users without using a role.

The Access Manager is equipped with enterprise-grade access control and can integrate with Azure AD, AD Roles, and SSO mechanisms. Everything supported in the Access Manager can also be done using GRANT statements in SQL for those who prefer to code. This allows users to generate automated scripts based on input from other applications and always maintain controlled and governed access to data.

Access manager preview


The Access Manager can be accessed through the Manage tab by clicking on Access Manager.

Introduction

Access control in Timbr is divided into two main aspects

  1. What a user can see - Access Permissions - The user's access to the knowledge graph, datasources (tables), concepts, mappings, views, and all other data elements that a user is exposed to and can view, query, create and edit. This also includes the ability to grant or revoke the creation or modification of users, and roles.
  2. What a user can do - Platform Permissions - The user's access to the different pages and components in the platform. This includes which components or pages a user has access to. For example the Ontology Explorer, Data Mapper, Graph Explorer, Knowledge Lineage, Access Manager, etc.

Getting Started

The Access Manager component can be accessed by clicking on the Manage tab and choosing Access Manager.

Once selected a list of all users will appear including their: Name, Username, Roles, Status, and Last Activity.

Above the list of users are five tabs that enable you to switch between viewing the Users, Roles, Knowledge Graphs, Datasources, and existing Policies.

Access manager tabs

Beneath the tabs is a search bar that can assist in finding specific users, roles, knowledge graphs, datasources or policies from the list.

Access manager search bar

In the default tab Users, to the right of the search bar is + Create New User which when clicked on will open a new box to create a new user.

Access manager new user

Beneath + Create New User, are different filtering options as well as bulk actions that can be done. This includes:

Access manager

  • Status - Filtering the graph based on Active/Inactive users.
  • Roles - Filtering the graph based on specifically created roles.
  • Bulk Actions - Enabling users to select multiple users to perform the following bulk actions on.
  • Set role to users - The ability to add a specific role to multiple users chosen from the list all in one click.
  • Set active - The ability to add the active status to multiple users chosen from the list all in one click.
  • Set inactive - The ability to add the inactive status to multiple users chosen from the list all in one click.
  • Delete users - The ability to delete multiple users chosen from the list all in one click.

To the right of each user, there are the three following buttons:

Access manager action buttons

  • View Permissions - This button will open a window with a detailed view of what roles the selected user has, as well as what permissions the selected user has in each aspect of the platform. In addition, here you will also be able to add permissions to the user by clicking on + Add Access Permissions.

Access manager view permissions

  • Show user policies - On the top right in view permissions is show user policies that when clicked on will open a window in order to add policies to a user or revoke them from the user.

Access manager show policies

Clicking on Open grant policy will open a dropdown with a list of the existing policies to choose from that can be added to the user.

Access manager open grant

To the right, clicking on Revoke policy will remove the policy from the chosen user.

Access manager revoke

  • Edit User - This button which appears both on the top right of view permissions as well as in the main user tab appearing as a pencil will open a window in order to edit the chosen user. This includes the user's login information, the user's status, and the different roles the user has in the platform. The only thing that can't be edited is the user's User Name.

Access manager edit user

  • Delete User - The third button appearing in the users tab as a trash can, when clicked on will delete the selected user.

Access manager delete user


Creating a New User

  1. In the main page of the access manager, click on + Create New User on the upper right side.

Access manager create new user

  1. In the new window, you will be asked to fill in the new user's information that will be used when signing in to the platform using one of the two following tabs:
  • User and Password - To create a user using this option, the First and Last Name of the user will be required, as well as a Username, Email, and Password for the new user, which is connected to the relevant server of the user's organization.

Access manager db user and password

  • Single-Sign-On - To create a user using this option, the only thing required is the user's Email used and authorized by the user's organization and supported by either Google or Microsoft Azure.

Access manager OAuth user

Once the new user's information is inserted, the user can now be added by clicking on Add New User on the bottom right of the screen.

If however while creating a user you would like to add various roles to the user which contain unique permissions, this can be accomplished in the two following ways:

  • Choosing existing roles - Beneath the user information inserted to create the new user, is the list of roles (Custom Roles, Default Roles, Default Datasource Roles, and Default Knowledge Graph Roles) that can be assigned to the different users. Each role's permissions can be revealed by clicking on View Permissions to the right of the role.

Access manager role list

  • Creating new custom roles - The second option to add roles to a user is to create the new roles from scratch by clicking on + Create New Custom Role located on the top right of the list of roles.

Access manager new custom role

The full process and options for creating user roles can be found in depth in the next section.


Creating User Roles

  1. In the main Access Manager page switch from the default Users tab to the Roles tab.

Access manager roles tab

You will now see all the different types of Roles that can be assigned to users divided by category which include:

Custom Roles - This category contains all the roles that were custom-made by the user.

Default Roles - This category contains Timbr's default roles which are included by default in the Timbr platform. The default roles are:

  • Admin - Users given the Admin role will have full admin access and editing capabilities in the platform.
  • Analyst - Users given the Analyst role will be able to query every resource in the platform, but will not have the ability to create or edit data sources and knowledge graphs.
  • Editor - Users given the Editor role will be able to create, edit and query everything in the platform.
  • Public - Users given the Public role will have external access to a resource without needing to sign into the Timbr platform. Usually, users use this role for web applications connected to the Timbr platform to see dashboards and graph explorations or to enable access to Timbr components that were embedded in external applications.
  • Viewer - Users given the Viewer role will have access only to the meta-data of all the knowledge graphs in the platform. The Viewer can explore the knowledge graph models, and see the properties and relationships of each concept, but he cannot edit or query anything, and he doesn’t have any access to the data.

Default Datasource Roles - When a user creates a new datasource in Timbr, the following three default roles are automatically created:

  • Analyst - Users given the Analyst role will be able to query the specific datasources assigned by the admin.
  • Editor - Users given the Editor role will be able to edit and query the specific datasources assigned by the admin.
  • Viewer - Users given the Viewer role will strictly have the ability to view the specific datasources assigned by the admin, without the ability to edit or query them.

Default Knowledge Graph Roles - When a user creates a new knowledge graph in Timbr, the following three default roles are automatically created:

  • Analyst - Users given the Analyst role will be able to query the specific knowledge graphs assigned by the admin.
  • Editor - Users given the Editor role will be able to edit and query the specific knowledge graphs assigned by the admin.
  • Viewer - Users given the Viewer role will strictly have the ability to view the specific knowledge graphs assigned by the admin, without the ability to edit or query them.
  1. To create a new custom role click on + Create New Role located on the top right above all the category lists.

Access manager role button

  1. Once clicked, you will be asked to enter a Name for the role as well as an optional yet recommended description, describing the purpose of the created role.

Access manager create role

Beneath the name and description are the platform permissions which decide What a user can do in the platform when he is assigned this role. Here there is the option to pinpoint the exact possibilities the users will have when maneuvering through the platform with the given role.

Every possibility in the platform is located in the different platform screen menus seen below, which include: Model, Visualize, Manage, and SQL Lab.

Access manager permission menu

Each platform menu can be clicked on and opened in order to select which aspects of the chosen platform menu the user will have access to when assigned this role.

Access manager access menu

In cases where there are many options and you'd like to give access to all, you can use the bulk options on the right of each platform menu to select and give access to all by clicking on Can Access, or on the other hand, clicking on Reset to remove access to all.

  1. Once the new role information and permissions are in place, the role can now be added by clicking on Add New Role on the bottom right of the screen.

When returning to the main Access Manager page in the roles tab, to the right of each role on the list there are 3 options.

Access manager 3 options

These 3 options are:

Assigned Vs. Not Assigned - This shows which roles are assigned to which users, as well as which roles have no users assigned to them.

Access manager assigned users

View Permissions - This button will open a window with a detailed view of what platform permissions are attached to the selected role, as well as which users are assigned this role. Here you will be able to add permissions and edit the role.

Access manager permissions role

Additional Options - This button will open a small pop-up with additional options that can be performed on each role.

Access manager additional options

The following options that appear include:

Edit role - When clicked on, a window will appear allowing users to edit the selected role by adding or editing existing permissions to the role.

Access manager edit role

Assign to new user - When clicked on a Create New User window will appear with the selected role highlighted beneath. All that would be needed is to fill in the new user's information and click on Add New User on the bottom right.

Access manager assign to new user

Assign to existing user - When clicked on, an Assign user window will appear with the option to assign the selected role to any of the users on the list.

Duplicate and Edit - Duplicates the selected role enabling users to edit a copy of the role as well as edit its permissions.

Access manager copy roles

Delete - Deletes the selected role from the list of roles in the Access Manager.

The features and options above can be performed on all categories as well, which include Custom Roles, Default Roles, Default Datasource Roles and Default Knowledge Graph Roles.


Adding and Editing Knowledge Graph Access Permissions

  1. In the main Access Manager page switch from the default Users tab to the Knowledge Graphs tab.

Access manager kg tab alone

You will now see all the different Knowledge Graphs that exist including their: Name, Last updated time, date of creation, user who created the Knowledge Graph, number of concepts in the knowledge graph and the Knowledge graphs active datasource.

Access manager kg tab

  1. To add or edit a knowledge graphs access permissions, simply click on the relevant knowledge graph.

Once clicked a window will slide in with all the existing user permissions for the selected knowledge graph in one tab, and all the existing role permissions for the selected knowledge graph in the other tab.

Access permissions kg

In the users tab, right beneath the tab itself, users can hover over the number of users and see the full list of users.

Access permissions users

Beneath that, users can search for specific permissions in the search bar, as well as in the filters which include filter by: User, Type, and Permission Source.

Under the search and filters is the list of user permissions for the selected knowledge graph with the following fields:

Name - The name of the user.

Type - The type of permission. Either Access, Query, or Edit.

Scope - The scope of the user permission for the selected knowledge graph.

Grant - Indicates whether or not the permission contains granting permissions.

All - Indicates whether the permission applies to the entire ontology ("Yes") or is limited to a specific scope ("No"), such as a particular mapping, schema, or subset of data, as defined in the "Scope" column.

Actions - Provides the "Revoke" button, which allows administrators to remove the associated permission from the user, instantly revoking the specified access rights for the defined scope.

In the roles tab, right beneath the tab itself, users can hover over the number of roles and see the full list of roles.

Access permissions roles

Beneath that, users can search for specific permissions in the search bar, as well as in the filters which include filter by: Role and Type.

Under the search and filters is the list of role permissions for the selected knowledge graph with the following fields:

Name - The name of the role.

Type - The type of permission. Either Access, Query, or Edit.

Scope - The scope of the role permission for the selected knowledge graph.

Grant - Indicates whether or not the permission contains granting permissions.

All - Indicates whether the permission applies to the entire ontology ("Yes") or is limited to a specific scope ("No"), such as a particular mapping, schema, or subset of data, as defined in the "Scope" column.

Assigned Users - Shows the number of users assigned to each role. When hovering over the assigned users in each row, the list of users will appear.

Actions - Provides the "Revoke" button, which allows administrators to remove the associated permission from a role, instantly revoking the specified access rights for the defined scope.

  1. To add Access permissions to either a user or a role, on the top right click on Add Access Permission.

Access permissions add

In the new window that appears, there are the initial 2 dropdowns that include Grant target and Grant target name.

Access permissions grant target

The Grant target dropdown contains 2 options which are:

  • User - Whether the permission should be granted to a user.
  • Role - Whether the permission should be granted to a role.

Access permissions grant target user role

The Grant target name dropdown contains a list of all the usernames and role names in order to choose one to grant the permission to.

Access permissions grant target name

Once the Grant target and Grant target name are chosen, two additional dropdowns will appear, which are: Access Type and Resource

Access permissions type_resource

The Access Type dropdown contains 3 options which are:

  • Access - Users or roles given the Access permission can only view the metadata of a chosen resource.
  • Query - Users or roles given the Query permission can view the metadata and query the chosen resource.
  • Edit - Users or roles given the Edit permission can create, edit or remove the chosen resource.

Access permissions access type

The Resource dropdown initially contains 4 options but the options change based on the first selection in the following way:

If the Access permission is given to the user or role, which is the most basic permission, then the Resource dropdown will show the following 4 options:

  • Specific knowledge graph - Giving the user or role permission to view a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view all the knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view all the datasources connected to the platform.

Access permissions resource

If the Query permission is given to the user or role then the Resource dropdown will show the following 6 options:

  • Specific knowledge graph - Giving the user or role permission to view and query a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view and query a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view and query all the knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view and query all the datasources connected to the platform.
  • View all users - Giving the user or role permission to view all users in the platform.
  • View all roles - Giving the user or role permission to view all roles in the platform.

Access manager resource query

If the Edit permission is given to the user or role which includes the most advanced permissions then the Resource dropdown will show the following 12 options:

  • Specific knowledge graph - Giving the user or role permission to view, edit or remove a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view, edit or remove a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view, edit or remove all the knowledge graphs in the platform.
  • Create knowledge graphs - Giving the user or role permission to create new knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view, edit or remove all the datasources connected to the platform.
  • Create datasources - Giving the user or role permission to create and add new datasources to the platform.
  • Create new users - Giving the user or role permission to create new users in the platform.
  • Edit all users - Giving the user or role permission to edit the details of all the users in the platform.
  • Edit a specific user - Giving the user or role permission to edit a specific user in the platform.
  • Create new roles - Giving the user or role permission to create new roles in the platform.
  • Edit all roles - Giving the user or role permission to edit all roles in the platform.
  • Edit a specific role - Giving the user or role permission to edit a specific role in the platform.

Access manager resource edit

Notice that for the Edit permission only, there is a checkbox called with Grant Option that hands the specific user or role the ability to grant and revoke permissions from other users or roles in the scope of the permission.

Access manager grant edit

When the Access Type and Resource dropdowns are chosen, depending on the choices different dropdowns will appear to drill down to the intended selection. Once the dropdowns are chosen all that's left is to click on Save at the bottom right of the window. If before saving you would like to see the SQL syntax behind the grant query defining the permission, you can click on Show GRANT query beneath the with GRANT Option checkbox.

Access manager grant sql edit

All the access permissions for both users and roles can also be granted or revoked using SQL.


Adding and Editing Datasource Access Permissions

Similar to adding and editing knowledge graph access permissions in the previous section, datasource access permissions follow the same flow.

  1. In the main Access Manager page switch from the default Users tab to the Datasources tab.

Access manager datasource tab alone

You will now see all the different datasources that exist including their: Name, date of creation, user who created the datasource, and the datasource type.

Access manager datasource tab

  1. To add or edit a datasources access permissions, simply click on the relevant datasource.

Once clicked a window will slide in with all the existing user permissions for the selected datasource in one tab, and all the existing role permissions for the selected datasource in the other tab.

Access permissions datasource

In the users tab, right beneath the tab itself, users can hover over the number of users and see the full list of users.

Access permissions users datasources

Beneath that, users can search for specific permissions in the search bar, as well as in the filters which include filter by: User, Type, and Permission Source.

Under the search and filters is the list of user permissions for the selected datasource with the following fields:

Name - The name of the user.

Type - The type of permission. Either Access, Query, or Edit.

Scope - The scope of the user permission for the selected datasource.

Grant - Indicates whether or not the permission conatins granting permissions.

All - Indicates whether the permission applies to all datasets or tables within the datasource ("Yes") or is limited to a specific dataset or table ("No"), as defined in the "Scope" column.

Actions - Provides the "Revoke" button, which allows administrators to remove the associated permission from the user, instantly revoking the specified access rights for the defined scope.

Access permissions users actions

In the roles tab, right beneath the tab itself, users can hover over the number of roles and see the full list of roles.

Access permissions roles hover datasource

Beneath that, users can search for specific permissions in the search bar, as well as in the filters which include filter by: Role and Type.

Under the search and filters is the list of role permissions for the selected datasource with the following fields:

Name - The name of the role.

Type - The type of permission. Either Access, Query, or Edit.

Scope - The scope of the role permission for the selected datasource.

Grant - Indicates whether or not the permission conatins granting permissions.

All - Indicates whether the permission applies to all datasets or tables within the datasource ("Yes") or is limited to a specific dataset or table ("No"), as defined in the "Scope" column.

Assigned Users - Shows the number of users assigned to each role. When hovering over the assigned users in each row, the list of users will appear.

Actions - Provides the "Revoke" button, which allows administrators to remove the associated permission from a role, instantly revoking the specified access rights for the defined scope.

  1. To add Access permissions to either a user or a role, on the top right click on Add Access Permission.

Access permissions add

In the new window that appears, there are the initial 2 dropdowns that include Grant target and Grant target name.

Access permissions grant target

The Grant target dropdown contains 2 options which are:

  • User - Whether the permission should be granted to a user.
  • Role - Whether the permission should be granted to a role.

Access permissions grant target user role

The Grant target name dropdown contains a list of all the usernames and role names in order to choose one to grant the permission to.

Access permissions grant target name

Once the Grant target and Grant target name are chosen, two additional dropdowns will appear, which are: Access Type and Resource

Access permissions type_resource

The Access Type dropdown contains 3 options which are:

  • Access - Users or roles given the Access permission can only view the metadata of a chosen resource.
  • Query - Users or roles given the Query permission can view the metadata and query the chosen resource.
  • Edit - Users or roles given the Edit permission can create, edit or remove the chosen resource.

Access permissions access type

The Resource dropdown initially contains 4 options but the options change based on the first selection in the following way:

If the Access permission is given to the user or role, which is the most basic permission, then the Resource dropdown will show the following 4 options:

  • Specific knowledge graph - Giving the user or role permission to view a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view all the knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view all the datasources connected to the platform.

Access permissions resource

If the Query permission is given to the user or role then the Resource dropdown will show the following 6 options:

  • Specific knowledge graph - Giving the user or role permission to view and query a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view and query a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view and query all the knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view and query all the datasources connected to the platform.
  • View all users - Giving the user or role permission to view all users in the platform.
  • View all roles - Giving the user or role permission to view all roles in the platform.

Access manager resource query

If the Edit permission is given to the user or role which includes the most advanced permissions then the Resource dropdown will show the following 12 options:

  • Specific knowledge graph - Giving the user or role permission to view, edit or remove a specific knowledge graph.
  • Specific datasource - Giving the user or role permission to view, edit or remove a specific datasource.
  • All knowledge graphs - Giving the user or role permission to view, edit or remove all the knowledge graphs in the platform.
  • Create knowledge graphs - Giving the user or role permission to create new knowledge graphs in the platform.
  • All datasources - Giving the user or role permission to view, edit or remove all the datasources connected to the platform.
  • Create datasources - Giving the user or role permission to create and add new datasources to the platform.
  • Create new users - Giving the user or role permission to create new users in the platform.
  • Edit all users - Giving the user or role permission to edit the details of all the users in the platform.
  • Edit a specific user - Giving the user or role permission to edit a specific user in the platform.
  • Create new roles - Giving the user or role permission to create new roles in the platform.
  • Edit all roles - Giving the user or role permission to edit all roles in the platform.
  • Edit a specific role - Giving the user or role permission to edit a specific role in the platform.

Access manager resource edit

Notice that for the Edit permission only, there is a checkbox called with Grant Option that hands the specific user or role the ability to grant and revoke permissions from other users or roles in the scope of the permission.

Access manager grant edit

When the Access Type and Resource dropdowns are chosen, depending on the choices different dropdowns will appear to drill down to the intended selection. Once the dropdowns are chosen all that's left is to click on Save at the bottom right of the window. If before saving you would like to see the SQL syntax behind the grant query defining the permission, you can click on Show GRANT query beneath the with GRANT Option checkbox.

Access manager grant sql edit

All the access permissions for both users and roles can also be granted or revoked using SQL.


Creating User Policies

  1. In the main Access Manager page switch from the default Users tab to the Policies tab.

Access manager policies tab

You will now see all the different policies that exist including their: Name, Ontology, Resource, Assigned Users, and Last Activity.

Access manager policies list

To the right of each policy is a button with 3 dots that opens a menu with the following options:

Edit Policy - Enables users to edit the selected policy.

Assign to user - Enables admins to assign the selected policy to a user of their choice.

Assign to role - Enables admins to assign the selected policy to a role of their choice.

Remove Policy - Removes and deletes the selected policy.

Access manager policies 3 dots

  1. Above the list of policies on the top right click on Create New Policy.

Access manager policies create

  1. Once clicked, you will be asked to fill out the following policy information:

Policy Name - A name for the policy.

Knowledge Graph - The knowledge graph we want the policy to take effect on.

Resource Type - The resource type of the policy, being either a concept, mapping, property, or view.

Resource Name - The resource name based on the resource type that was chosen.

Security policy rule - An SQL statement representing the policy.

Access manager policies info

Once the new policy information is inserted, the policy can now be added by clicking on Add New Policy on the bottom right of the screen.

Access manager policies add new


Adding and Editing User Access Permissions

As mentioned above, a user's access permissions can be accessed and viewed in the Users tab to the right of each user by clicking on View Permissions.

Access manager view user permissions

In the window that appears, on top will be the user's name and roles. Each user role can be accessed and edited by clicking on the role name.

Access manager role permissions in view permissions

Please notice that when editing a role, it won't only affect the specific user you are trying to edit the role for, but will affect all users who were assigned that role.

Under the selected user's name and roles, will be the user's access permissions which define what a user can see in the platform. Existing permissions given to a specific user will have 3 options when hovering over the permission, which include: Revoke, Copy Grant Query, and Information.

Access manager permissions options

Revoke - Revokes the specific access given to the user.

Please notice that only permissions that were assigned to the specific user can be revoked from here. When a user is added to a role, revoking the permission is done by removing the user from the role he was assigned to through the roles tab.

Access manager no revoke option

Copy Grant Query - Copies the permissions SQL Grant query to the clipboard.

Information - When Information is hovered over, it will show all the information of the specific permission.

Access manager grant information

To add new access permissions to the user click on + Add Access Permissions below the list of existing permissions.

Access manager add access permission

In the new window that appears, there are the initial 2 dropdowns that include Access Type and Resource.

Access manager access window

The Access Type dropdown contains 3 options which are:

  • Access - Users given the Access permission can only view the metadata of a chosen resource.
  • Query - Users given the Query permission can view the metadata and query the chosen resource.
  • Edit - Users given the Edit permission can create, edit or remove the chosen resource.

Access manager first level access

The Resource dropdown initially contains 4 options but the options change based on the first selection in the following way:

If the Access permission is given to the user which is the most basic permission then the Resource dropdown will show the following 4 options:

  • Specific knowledge graph - Giving the user permission to view a specific knowledge graph.
  • Specific datasource - Giving the user permission to view a specific datasource.
  • All knowledge graphs - Giving the user permission to view all the knowledge graphs in the platform.
  • All datasources - Giving the user permission to view all the datasources connected to the platform.

Access manager second level access

If the Query permission is given to the user then the Resource dropdown will show the following 6 options:

  • Specific knowledge graph - Giving the user permission to view and query a specific knowledge graph.
  • Specific datasource - Giving the user permission to view and query a specific datasource.
  • All knowledge graphs - Giving the user permission to view and query all the knowledge graphs in the platform.
  • All datasources - Giving the user permission to view and query all the datasources connected to the platform.
  • View all users - Giving the user permission to view all users in the platform.
  • View all roles - Giving the user permission to view all roles in the platform.

Access manager third level access

If the Edit permission is given to the user which includes the most advanced permissions then the Resource dropdown will show the following 12 options:

  • Specific knowledge graph - Giving the user permission to view, edit or remove a specific knowledge graph.
  • Specific datasource - Giving the user permission to view, edit or remove a specific datasource.
  • All knowledge graphs - Giving the user permission to view, edit or remove all the knowledge graphs in the platform.
  • Create knowledge graphs - Giving the user permission to create new knowledge graphs in the platform.
  • All datasources - Giving the user permission to view, edit or remove all the datasources connected to the platform.
  • Create datasources - Giving the user permission to create and add new datasources to the platform.
  • Create new users - Giving the user permission to create new users in the platform.
  • Edit all users - Giving the user permission to edit the details of all the users in the platform.
  • Edit a specific user - Giving the user permission to edit a specific user in the platform.
  • Create new roles - Giving the user permission to create new roles in the platform.
  • Edit all roles - Giving the user permission to edit all roles in the platform.
  • Edit a specific role - Giving the user permission to edit a specific role in the platform.

Notice that for the Edit permission only, there is a checkbox called with Grant Option below Resource that hands the specific user the ability to grant and revoke permissions from other users in the scope of the permission.

Access manager fourth level access

When the Access Type and Resource dropdowns are chosen, depending on the choices different dropdowns will appear to drill down to the intended selection. Once the dropdowns are chosen all that's left is to click on Save at the bottom right of the window. If before saving you would like to see the SQL syntax behind the grant query defining the permission, you can click on Show GRANT query beneath the with GRANT Option checkbox.

Access manager save permissions

All the access permissions for both users and roles can also be granted or revoked in Timbrs SQL.

Access manager grant sql access