πŸ§‘β€πŸ€β€πŸ§‘Groups

Sprinkle gives you the flexibility to be in control of your data, and manage access & permissions of groups of users.

Managing, assigning & adjusting various permissions for a huge number of users can be a tedious task. Hence, use groups to efficiently manage access of similar kinds of users.

To quickly get you started with managing the accessibility, Sprinkle has default groups created.

Default Groups

Administrator πŸ›‘οΈ

The Admin has complete access to the tool and has no restrictions. They are in charge of administering and facilitating everything on the platform. Admins can be senior members of the data team who has detailed knowledge of the various data systems. The admin can manage other users on the platform and their access.

Data Team πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

Their permissions are similar to an admin's, except for the administrative permissions. On the platform, they have access to everything they need to build pipelines, models, reports, dashboards, and more. They can create new datasets from data sources, build models, SQL Transforms, Reports, SQL explore, etc. The group can be used to manage and provide access to Data Engineers and Data Analysts.

Business Team πŸ‘¨β€πŸ’ΌπŸ‘©β€πŸ’Ό

This group of users can create and view reports and dashboards. In addition to consuming data assets, users can also create them using self-serve analytics features.

Viewers πŸ‘€

They have view-only permissions on reports and dashboards.

API_Access Grp πŸ€–

Made to provide API access, this group has permissions to view SQL Explore, Reports, and Model functionalities, along with the create and edit permissions on SQL Transform and DataImports.

Default permissions of these default groups are covered in the permissions section below.

Create New Group

Sprinkle provides an option to also create groups according to the customized needs of a group of users in the organization.

To create a new group, through the left navigation panel, πŸ–±οΈclick on Admin -> Access Management -> Groups. πŸ–±οΈClick on New Group.

What are Groups made of?

Members πŸ§‘β€πŸ€β€πŸ§‘

Admin can add members to the group easily, just click on Add to get started. From the available drop-down list of the users in Sprinkle, Admin can select the users to add them to the group.

Permissions

Using the easy & intuitive UI, admins can easily manage the permissions of various groups across the various modules in Sprinkle. Below is a snapshot of the default permissions for the users in various groups.

Group Permissions - Snapshots

Admins πŸ›‘οΈ

Data Team πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

Business Team πŸ‘¨β€πŸ’ΌπŸ‘©β€πŸ’Ό

Viewers πŸ‘€

API πŸ€–

Folders

Along with permissions to various modules, the admin can also manage the access of data to the users in the groups through folders.

Navigate to the folders tab and Add Folder, in case you want to provide additional access to a specific folder to the users in the group. Read more about folders here.

Row-level Security

Row-level security lets you manage the row-level access of the models. It lets you restrict users' access only to the relevant rows of data in the table. For example, you can restrict users in Karnataka to access the sales data only relevant to Karnataka from the sales table.

πŸ› οΈSteps to Use Row-level Security

1️Define RLS Attribute - Admin Users

Through the left navigation panel, πŸ–±οΈclick on Admin -> Access Management.

Browse to the Configure Access Tab &πŸ–±οΈClick on Row Level Security from the left navigation menu. Click on "+Create RLS Attribute" button to add a new RLS attribute. In the belowπŸ”½ example, we have created ManagerName, a RLS attribute, that would be used to restrict the sales table entries based on the manager of the sale.

2️Assign RLS Attribute to Model

Now navigate to the model section and open the model for which you need to manage the access.

Select the Row Level Security Tab and then, πŸ–±οΈClick on Link RLS Attribute to assign RLS Attribute to the Model.

Fill in the Modal form, Select the Attribute created. Then select the Column Name from the Model, based on which the row entries are to be managed for different User Groups.

In the below example, the Brand attribute is selected, and the Country column from the Sales_order model. πŸ–±οΈClick Submit, to assign the column to the user attribute Brand.

3️Add RLS Attribute to Group

Now admins can use the attribute to manage the row-level access to the model data based on the requirement. For that, the admin user can browse to Admin -> Permissions -> Groups. Select the User Group for which the row-level access needs to be managed and then add the User attribute with the column entry. Only the rows corresponding to the column entry provided would be available to the users belonging to that group.

In the belowπŸ”½ example, For the Group Analysts, the RLS attribute is added. The Brand attribute has been provided with the value "Tycon". So, now only the row entries corresponding to the column entry of Tycon is visible to the users in the Analyst Group from the Sales_Order model.

Last updated