datahub/assets/js/1c4475c0.e8a88ebf.js

"use strict";(self.webpackChunkdocs_website=self.webpackChunkdocs_website||[]).push([[30182],{15680:(e,t,r)=>{r.d(t,{xA:()=>p,yg:()=>y});var o=r(96540);function n(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,o)}return r}function a(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?i(Object(r),!0).forEach((function(t){n(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function u(e,t){if(null==e)return{};var r,o,n=function(e,t){if(null==e)return{};var r,o,n={},i=Object.keys(e);for(o=0;o<i.length;o++)r=i[o],t.indexOf(r)>=0||(n[r]=e[r]);return n}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(o=0;o<i.length;o++)r=i[o],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(n[r]=e[r])}return n}var s=o.createContext({}),c=function(e){var t=o.useContext(s),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},l="mdxType",g={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},d=o.forwardRef((function(e,t){var r=e.components,n=e.mdxType,i=e.originalType,s=e.parentName,p=u(e,["components","mdxType","originalType","parentName"]),l=c(r),d=n,y=l["".concat(s,".").concat(d)]||l[d]||g[d]||i;return r?o.createElement(y,a(a({ref:t},p),{},{components:r})):o.createElement(y,a({ref:t},p))}));function y(e,t){var r=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var i=r.length,a=new Array(i);a[0]=d;var u={};for(var s in t)hasOwnProperty.call(t,s)&&(u[s]=t[s]);u.originalType=e,u[l]="string"==typeof e?e:n,a[1]=u;for(var c=2;c<i;c++)a[c]=r[c];return o.createElement.apply(null,a)}return o.createElement.apply(null,r)}d.displayName="MDXCreateElement"},29562:(e,t,r)=>{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>s,default:()=>y,frontMatter:()=>u,metadata:()=>c,toc:()=>l});r(96540);var o=r(15680);function n(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){return t=null!=t?t:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(t)):function(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,o)}return r}(Object(t)).forEach((function(r){Object.defineProperty(e,r,Object.getOwnPropertyDescriptor(t,r))})),e}function a(e,t){if(null==e)return{};var r,o,n=function(e,t){if(null==e)return{};var r,o,n={},i=Object.keys(e);for(o=0;o<i.length;o++)r=i[o],t.indexOf(r)>=0||(n[r]=e[r]);return n}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(o=0;o<i.length;o++)r=i[o],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(n[r]=e[r])}return n}const u={title:"Authorization using Groups",slug:"/authorization/groups",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/groups.md"},s="Authorization using Groups",c={unversionedId:"docs/authorization/groups",id:"version-1.1.0/docs/authorization/groups",title:"Authorization using Groups",description:"Introduction",source:"@site/versioned_docs/version-1.1.0/docs/authorization/groups.md",sourceDirName:"docs/authorization",slug:"/authorization/groups",permalink:"/docs/1.1.0/authorization/groups",draft:!1,editUrl:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/groups.md",tags:[],version:"1.1.0",frontMatter:{title:"Authorization using Groups",slug:"/authorization/groups",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/groups.md"},sidebar:"overviewSidebar",previous:{title:"Policies Guide",permalink:"/docs/1.1.0/authorization/policies"},next:{title:"Removing Metadata from DataHub",permalink:"/docs/1.1.0/how/delete-metadata"}},p={},l=[{value:"Introduction",id:"introduction",level:2},{value:"Why do we need groups for authorization?",id:"why-do-we-need-groups-for-authorization",level:2},{value:"Easily Applying Access Privileges",id:"easily-applying-access-privileges",level:3},{value:"Syncing with Existing Enterprise Groups (via IdP)",id:"syncing-with-existing-enterprise-groups-via-idp",level:3},{value:"Custom Groups",id:"custom-groups",level:2},{value:"Feedback / Questions / Concerns",id:"feedback--questions--concerns",level:2}],g={toc:l},d="wrapper";function y(e){var{components:t}=e,r=a(e,["components"]);return(0,o.yg)(d,i(function(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},o=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(o=o.concat(Object.getOwnPropertySymbols(r).filter((function(e){return Object.getOwnPropertyDescriptor(r,e).enumerable})))),o.forEach((function(t){n(e,t,r[t])}))}return e}({},g,r),{components:t,mdxType:"MDXLayout"}),(0,o.yg)("h1",{id:"authorization-using-groups"},"Authorization using Groups"),(0,o.yg)("h2",{id:"introduction"},"Introduction"),(0,o.yg)("p",null,"DataHub provides the ability to use ",(0,o.yg)("strong",{parentName:"p"},"Groups")," to manage policies."),(0,o.yg)("h2",{id:"why-do-we-need-groups-for-authorization"},"Why do we need groups for authorization?"),(0,o.yg)("h3",{id:"easily-applying-access-privileges"},"Easily Applying Access Privileges"),(0,o.yg)("p",null,"Groups are useful for managing user privileges in DataHub. If you want a set of Admin users,\nor you want to define a set of users that are only able to view metadata assets but not make changes to them, you could\ncreate groups for each of these use cases and apply the appropriate policies at the group-level rather than the\nuser-level."),(0,o.yg)("h3",{id:"syncing-with-existing-enterprise-groups-via-idp"},"Syncing with Existing Enterprise Groups (via IdP)"),(0,o.yg)("p",null,"If you work with an Identity Provider like Okta or Azure AD, it's likely you already have groups defined there. DataHub\nallows you to import the groups you have from OIDC for ",(0,o.yg)("a",{parentName:"p",href:"/docs/1.1.0/generated/ingestion/sources/okta"},"Okta")," and\n",(0,o.yg)("a",{parentName:"p",href:"/docs/1.1.0/generated/ingestion/sources/azure-ad"},"Azure AD")," using the DataHub ingestion framework."),(0,o.yg)("p",null,"If you routinely ingest groups from these providers, you will also be able to keep groups synced. New groups will\nbe created in DataHub, stale groups will be deleted, and group membership will be updated!"),(0,o.yg)("h2",{id:"custom-groups"},"Custom Groups"),(0,o.yg)("p",null,"DataHub admins can create custom groups by going to the ",(0,o.yg)("strong",{parentName:"p"},"Settings > Users & Groups > Groups > Create Group"),".\nMembers can be added to Groups via the Group profile page."),(0,o.yg)("h2",{id:"feedback--questions--concerns"},"Feedback / Questions / Concerns"),(0,o.yg)("p",null,"We want to hear from you! For any inquiries, including Feedback, Questions, or Concerns, reach out on Slack!"))}y.isMDXComponent=!0}}]);