Hi! How can I limit users to only be able to view/...
# advice-data-governance
l
Hi! How can I limit users to only be able to view/edit their own ingested metadata? i.e. user 1 should not be able to view/edit entities created by user 2. Thanks in advance!
a
b
Hi @limited-breakfast-31442! Currently, there is no way to restrict users from changing entities that were ingested by other users. Once all the entities are on DataHub, you can simply have an Admin (or central team) managing who can change which metadata. For example, you can say that user 1 can manage a subset of Datasets (or all Datasets) and user 2 can manage a different set of Datasets.
Typically the easiest way to achieve this in one go is to assign an Owner to all entities ingested from some system. You can do this in 3 ways:
1. Through the UI by selecting the assets, and batch assigning the Owner
2. In bulk via the GraphQL API (if you have the asset identifiers / urns)
3. During ingestion time using the Ownership transformer
The owner will by default be able to do things like edit the metadata for that asset.
l
Hi! Thank you both! I used the Owner feature to limit entity viewing by creating a new policy which limits metadata privileges to the owner. However, I also had to remove roles from all users (i.e. assign them with No Role) as the default Editor and Reader roles would still allow them to view/edit metadata.
I also notice that both Ingestion Source and Secrets are viewable across all users who have the relevant platform privileges. On top of that, users are able to run ingestion sources and use secrets created by other users. Is there a workaround (or are there plans to implement) such that User 1 will be unable to view/run/use ingestion sources and secrets created by User 2?
Thank you once again!