Hello again I have another doubt but this time it related to DataHub #all-things-deployment

Hello again, I have another doubt but this time it...

microscopic-mechanic-13766

10/21/2022, 12:04 PM

Hello again, I have another doubt but this time it related to permissions. I have disabled all the default policies but for the Asset Owners - Metadata Policy
which grants all metadata privileges ONLY for assets owners. I also have created one group, which has 2 users inside: one with read role and the other with edit role. After adding the group as the owner of a dataset, the read user is able to add glossary terms, domains, .... Is this correct?? Shouldn't roles be over policies??

microscopic-mechanic-13766

10/21/2022, 12:06 PM

Summary in case I haven't explained myself properly: If a read user is the owner of a dataset and the Asset Owners - Metadata Policy
is enabled, the user is able to do more actions that the expected for the role assigned

square-activity-64562

10/21/2022, 12:06 PM

There is no Deny option here. Only Allow. So it is additive

square-activity-64562

10/21/2022, 12:07 PM

You can disable the Asset Owners
policy and then it will behave like you expect

microscopic-mechanic-13766

10/21/2022, 12:09 PM

Out of curiosity, are there any plans on changing this behaviour or adding that "deny" option??

square-activity-64562

10/21/2022, 12:11 PM

There is nothing on the roadmap currently. But you can always use the link in #feature-requests page to raise a feature request. If there is enough interest it can go on roadmap

3 Views

Open in Slack

Previous Next