🔄
Syncing users, groups and RLS
Automatically sync users and permissions from your databases
If you have a large number of users, groups and their permissions are maintained within your own database, you can map those users, groups, and permissions in Sprinkle automatically.
Sprinkle has an upload service, for uploading groups permissions, user keys, and Row Level Security (RLS). If the user has groups maintained for providing different permissions, access to different users and/or have user keys and/or user attributes in their data sources and these are frequently updated, then the user can make use of this service to schedule them.
Here, firstly the user has to configure those data sources (as Data Imports) in sprinkle and ingest the data into data warehouse tables. And then they can schedule a SQL Explore to query the data, to get the data in the specific format of:
- Group Permissions: Group name, description, model - ids, masking columns, group permissions and folders (optional) for uploading groups.
- User Keys: User email, keys, secret, status code, and group name for uploading user keys.
- Row Level Security: User-email and attributes(RLS values) for uploading Row Level Security.
- The explore should contain the following columns in the order: group name, group description, model ids**, masking columns**, and group permissions**, folders**. After the explore is ready, the user has to check/create row-level security by going to Admin → Access Management → Configure Access → Uploads, which will be used in the upload service.
- Then the user can create the upload service by going to Admin → Access Management → Configure Access → Uploads, clicking on the New button, and then providing a name, selecting Group Permissions from the Type field. Select SQL Explore created in the previous steps from the respective drop-down lists and click on Save And Run button.
- If the job is running fine, the user can schedule the upload service from Right-top More Options (⋯) → Autorun, then enable it and schedule the frequency as required by clicking on the Change Frequency button.
- The explore should contain the following columns in the order: email, access key, access secret, status code (optional), and group names**.
- The status code column contains '0' or some non-zero values. While running the user key upload job it will check the value for the status code column for that user Activation & Deactivation so if it is '0' then the user will be created and marked as ACTIVE and if in case user exists already but marked as INACTIVE then that user will now become ACTIVE.
- For Non zero status code values, the user will be marked as INACTIVE if that user exists already in the INACTIVE state, and if not then that user will not be created.
- After the explore is ready, the user can create the upload service by going to Admin → Access Management → Configure Access → Uploads, clicking on the New button, and then providing a name, selecting User Keys from the Type field. Then provide the no. of expiry days, select the default Groups for all the users specified in the explores, and explore those created in the previous step from the respective drop-down lists. Then click on Save And Run button.
- If the job is running fine, the user can schedule the upload service from Right-top More Options (⋯) → Autorun, then enable it and schedule the frequency as required by clicking on the Change Frequency button.
- The explore should contain the following columns in the order: email and attribute-values##. After the explore is ready, the user has to check/create row-level security by going to Admin → Access Management → Configure Permissions--> Row Level Security, which will be used in the upload service.
- Then the user can create the upload service by going to Admin--> Access Management -> Configure Access → Uploads, clicking on the New button, and then providing a name, selecting Row Level Security from the Type field. Then select the Row Level Security and explore created in the previous steps from the respective drop-down lists and click on Save And Run button.
- If the job is running fine, the user can schedule the upload service from Right-top More Options (⋯) → Autorun, then enable it and schedule the frequency as required by clicking on the Change Frequency button.
- (**) Multiple values should be separated by pipe "|".
- (##) Multiple values should be separated by a comma ",".
- The default/project folder will be added whether the folders column is passed or not.
- Passing wrong folder ids will result to skip those id/folders and only valid folders will be added to the group.
Last modified 1d ago