Graphmart, Data Layer, and Step Sharing

Graphmart sharing is managed by configuring user and group permissions at the graphmart, data layer, and step level. Together, the permissions defined for each graphmart component control the data that a user can access, whether they can view or modify a component, and whether they can view or modify a component's metadata.

This topic provides details about the permissions for each graphmart component and includes instructions for configuring permissions for each type of component.

Graphmart, Layer, and Step Permissions Reference

In the Anzo application, graphmarts, data layers, and steps offer the same predefined permission sets to apply and use the same mechanism for assigning permissions, but the privileges granted with a permission set differ depending on the component:

  • Graphmart permissions control a user’s ability to activate, deactivate, and reload or refresh a graphmart, view or modify a graphmart and its metadata, and view, create, or modify data layers.
  • Data Layer permissions control which users can access or modify the data that is output from a layer, i.e., which users can enable or disable layers, edit, create, and delete layers, or change layer metadata, such as security settings.
  • Step permissions also control which users can access or modify the data that is output from a layer, i.e., which users can enable and disable steps, add, edit, and delete steps, and view or modify step metadata.

This section provides information about the predefined permission sets and default permissions for each component.

Permission Inheritance

When assigning permissions at the graphmart, data layer, or step level, you can configure that component to inherit the permissions from another component or pass on its permissions to other components. For example, you can configure one graphmart to pass its permissions to other graphmarts. Inheritance transmits all of the artifact's permissions for all users and groups.

By default, data layers and steps inherit their permissions from the parent graphmart. That means graphmart permissions supersede the permissions set at the data layer or step level by default. For simplicity and to avoid unexpected outcomes, Cambridge Semantics recommends that you manage all permissions at the graphmart level.

The inheritance settings are displayed below the permissions table on the graphmart Sharing tab or the Security tab for data layers and steps.

Because graphmarts pass permissions to layers and steps by default, the Copy permissions from field is empty for graphmarts, and the Copy permissions to field is populated with the names of the data layers and steps in the graphmart. For data layer and step permissions, the Copy permissions from field is populated with the parent graphmart name, and the Copy permissions to field is empty.

Graphmart Level Permissions Reference

Graphmart level permissions control a user’s ability to view, activate and deactivate, reload or refresh a graphmart, modify a graphmart's content, or view or modify its metadata. There are three predefined graphmart permission sets that include a combination of six permissions that can be assigned to a user or group. You also have the option to customize the set of permissions that are applied to a user or group.

The table below lists the predefined permission sets and describes the privileges that are granted for each permission that is part of the predefined set:

Set: View
  Permission: View (Graphmart). Allows a user to:
    • See the graphmart in the Anzo application.
    • Copy the graphmart URI from the Overview tab.
    • Copy data layer URIs from the Data Layers tab.
    • See the existing Data on Demand endpoints on the Data on Demand tab.
    • View and clone the editions that are included in the graphmart.
    • Reload and refresh the graphmart.
    • Create and import graphmart versions.
  Permission: Meta View (Sharing Tab)
    • This permission relates only to the graphmart Sharing tab. A user with this permission can see the Sharing tab, but they cannot modify, add, or remove permissions.

Set: Modify
  In addition to the View and Meta View permissions described above, the Modify set includes the Add/Edit and Delete permissions described below.
  Permission: Add/Edit (Graphmart). Allows a user to:
    • Rename the graphmart and edit the description.
    • Create Data on Demand endpoints.
    • Add data sets to the graphmart.
    • Enable, disable, or add and edit data layers and steps.
    • Activate and deactivate the graphmart.
  Permission: Delete (Graphmart). Allows a user to:
    • Remove data sets from the graphmart.
    • Delete data layers and steps from the graphmart.
    • Delete the graphmart.

Set: Admin
  In addition to the View, Meta View, Add/Edit, and Delete permissions described above, the Admin set includes the Meta Add/Edit and Meta Delete permissions described below.
  Permission: Meta Add/Edit (Sharing Tab)
    • This permission relates only to the graphmart Sharing tab. A user with this permission can modify the sharing settings by adding permissions to a user or group.
  Permission: Meta Delete (Sharing Tab)
    • This permission relates only to the graphmart Sharing tab. A user with this permission can modify the sharing settings by removing permissions from a user or group.

Default Graphmart Permissions

The table below lists the predefined permission sets that are applied by default when a new graphmart is created. Besides the sysadmin user, the graphmart creator is granted Admin privileges by default. The Everyone role is granted View privileges by default. No other users or groups have graphmart permissions assigned by default.

Anzo User/Role | Applied Permission Set
Sysadmin User | Admin
Graphmart Creator | Admin
Everyone Role | View

The default graphmart permission configuration is controlled by the default access policy for the Graphmarts registry. For information about default access policies, see Managing Default Access Policies.

Data Layer Level Permissions Reference

Data layer level permissions control a user’s ability to view, enable and disable, and edit, create, and delete a data layer or view or modify its metadata.

Data layer permissions also depend on the permissions assigned for the parent graphmart. By default, all data layers and steps in a graphmart inherit their permissions from the graphmart. To navigate to a data layer, a user needs to have View permissions for the parent graphmart. To activate or deactivate the graphmart that contains the data layer of interest, or to create a new data layer, a user needs Modify permissions for the graphmart.

There are three predefined data layer permission sets that include a combination of six permissions that can be assigned to an Anzo user, group, or role. You also have the option to customize the set of permissions that are applied to a user or group.

The table below lists the predefined permission sets and describes the privileges that are granted for each permission that is part of the predefined set:

Set: View
  Permission: View (Data Layer). Allows a user to:
    • See the layer on the Data Layers tab in the Anzo application.
    • Make a copy of the layer and copy the layer URI.
    • Make a copy of the steps in the layer and copy the step URIs.
    • View the data that is output by the layer.
  Permission: Meta View (Security Tab)
    • This permission relates only to the layer Security tab. A user with this permission can see the Security tab but they cannot modify, add, or remove permissions.

Set: Modify
  In addition to the View and Meta View permissions described above, the Modify set includes the Add/Edit and Delete permissions described below.
  Permission: Add/Edit (Data Layer). Allows a user to:
    • Modify the data layer.
  Permission: Delete (Data Layer). Allows a user to:
    • Delete the data layer.

Set: Admin
  In addition to the View, Meta View, Add/Edit, and Delete permissions described above, the Admin set includes the Meta Add/Edit and Meta Delete permissions described below.
  Permission: Meta Add/Edit (Security Tab)
    • This permission relates only to the layer Security tab. A user with this permission can modify security settings by adding permissions to a user or group.
  Permission: Meta Delete (Security Tab)
    • This permission relates only to the layer Security tab. A user with this permission can modify security settings by removing permissions from a user or group.

Default Data Layer Permissions

The table below lists the predefined permission sets that are applied by default when a new layer is created. Besides the sysadmin user, the layer creator is granted Admin privileges by default. The Everyone role is granted View privileges by default. No other users, groups, or roles have layer permissions assigned by default.

Anzo User/Role | Applied Permission Set
Sysadmin User | Admin
Layer Creator | Admin
Everyone Role | View

Step Level Permissions Reference

Step level permissions control a user’s ability to view, enable and disable, and edit, create, and delete a step or view or modify its metadata.

Step level permissions also depend on the permissions assigned for the parent data layer and graphmart. By default, all data layers and steps in a graphmart inherit their permissions from the graphmart. To navigate to a step, a user needs to have View permissions for the parent graphmart and layer. To enable, disable, or edit and delete steps, a user needs Modify permissions for the data layer.

There are three predefined step permission sets that include a combination of six permissions that can be assigned to an Anzo user, group, or role. You also have the option to customize the set of permissions that are applied to a user, group, or role.

The table below lists the predefined permission sets and describes the privileges that are granted for each permission that is part of the predefined set:

Set: View
  Permission: View (Step). Allows a user to:
    • See the step on the Data Layers tab in the Anzo application.
    • Make a copy of the step and copy the step URI.
    • View the data that is output by the step.
  Permission: Meta View (Security Tab)
    • This permission relates only to the step Security tab. A user with this permission can see the Security tab but they cannot modify, add, or remove permissions.

Set: Modify
  In addition to the View and Meta View permissions described above, the Modify set includes the Add/Edit and Delete permissions described below.
  Permission: Add/Edit (Step). Allows a user to:
    • Modify the step.
  Permission: Delete (Step). Allows a user to:
    • Delete the step.

Set: Admin
  In addition to the View, Meta View, Add/Edit, and Delete permissions described above, the Admin set includes the Meta Add/Edit and Meta Delete permissions described below.
  Permission: Meta Add/Edit (Security Tab)
    • This permission relates only to the step Security tab. A user with this permission can modify step access by adding permissions to a user or group.
  Permission: Meta Delete (Security Tab)
    • This permission relates only to the step Security tab. A user with this permission can modify step access by removing permissions from a user or group.

Default Step Permissions

The table below lists the predefined permission sets that are applied by default when a new step is created. Besides the sysadmin user, the step creator is granted Admin privileges by default. The Everyone role is granted View privileges by default. No other users, groups, or roles have step permissions assigned by default.

Anzo User/Role | Applied Permission Set
Sysadmin User | Admin
Step Creator | Admin
Everyone Role | View
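
The following added example (not Anzo code and not part of the original documentation) models the three predefined sets, Copy permissions from inheritance, and the rule that navigating to a layer or step requires View on its parents. The component names, the ACLs, and the assumption that grants from several roles are additive are constructed for illustration.

```python
# Model of the permission sets and inheritance described above.
# Not Anzo code or an Anzo API: component names and ACLs are constructed.
VIEW = frozenset({"View", "Meta View"})
MODIFY = VIEW | {"Add/Edit", "Delete"}
ADMIN = MODIFY | {"Meta Add/Edit", "Meta Delete"}

# parent: position in the graphmart; copy_from: "Copy permissions from"
# (None means the component uses its own ACL); acl: local grants.
COMPONENTS = {
    "gm:sales": {"parent": None, "copy_from": None,
                 "acl": {"creator": ADMIN, "Everyone": VIEW}},
    "layer:clean": {"parent": "gm:sales", "copy_from": "gm:sales", "acl": {}},
    "step:load": {"parent": "layer:clean", "copy_from": "gm:sales", "acl": {}},
    "layer:pii": {"parent": "gm:sales", "copy_from": None,
                  "acl": {"creator": ADMIN, "Data Scientist": MODIFY}},
    "step:mask": {"parent": "layer:pii", "copy_from": "layer:pii", "acl": {}},
}

def acl_source(name, comps=COMPONENTS):
    """Follow Copy-permissions-from links to the component whose ACL applies."""
    seen = set()
    while comps[name]["copy_from"] is not None:
        if name in seen:
            raise ValueError(f"inheritance cycle at {name}")
        seen.add(name)
        name = comps[name]["copy_from"]
    return name

def granted(principals, name, comps=COMPONENTS):
    """Permissions a user's names/roles hold on a component (assumed additive)."""
    acl = comps[acl_source(name, comps)]["acl"]
    return frozenset().union(*(acl.get(p, frozenset()) for p in principals))

def can_navigate(principals, name, comps=COMPONENTS):
    """View is required on the component and on each parent above it."""
    while name is not None:
        if "View" not in granted(principals, name, comps):
            return False
        name = comps[name]["parent"]
    return True

def local_overrides(comps=COMPONENTS):
    """Layers and steps whose ACL does not come from their own graphmart."""
    flagged = []
    for name, comp in comps.items():
        root = name
        while comps[root]["parent"] is not None:
            root = comps[root]["parent"]
        if name != root and acl_source(name, comps) != acl_source(root, comps):
            flagged.append(name)
    return sorted(flagged)
```

Running local_overrides() over an inventory like this lists the layers and steps whose access is no longer governed at the graphmart level, which is where the recommendation above says permissions should be managed.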

Configuring Graphmart, Layer, or Step Permissions

Follow the instructions below to configure permissions at the graphmart, data layer, or step level. For details about the predefined permission sets and associated privileges, see the Graphmart, Layer, and Step Permissions Reference above.

  1. In the Anzo application, expand the Blend menu and click Graphmarts. Anzo displays a list of the existing graphmarts.

  2. On the Graphmarts screen, click the name of the graphmart for which you want to configure permissions. Anzo displays the graphmart details.

  3. Follow the appropriate instructions below, depending on whether you want to configure permissions at the graphmart level or for a layer or step in the graphmart:
    • To configure permissions at the graphmart level, click the Sharing tab. The Sharing screen is displayed.

    • To configure permissions for a data layer or step in the graphmart, click the Data Layers tab. On the Data Layers screen, find the layer or step that you want to configure. Then click the menu icon for that layer or step and select Edit. On the Edit screen, click the Security tab. The security screen is displayed.

  4. On the security screen, type a value in the Search users, roles or groups field to find and display a user or group. The resulting list shows the current permission level that is set for each user or group that was found by the search. For example, the image below shows a list of roles and their current permissions (None):

  5. On the left side of the screen, select the user or group for which you want to configure permissions. The permissions settings are displayed on the right side of the screen.

  6. To assign a predefined set of permissions, click the View, Modify, or Admin radio button to assign that level of access to the selected user, role, or group. Refer to the Graphmart, Layer, and Step Permissions Reference above for details about the permissions sets. For example, the image below gives Modify permissions to users with the Data Scientist role:

    If you want to customize the permissions, click the Custom radio button and then select or deselect the permissions checkboxes. To clear permissions for a user, role, or group, click the trashcan icon next to the user, role, or group name.

  7. If you want to change the inheritance for the component, use the fields below the permissions table. For details about inheritance, see Permission Inheritance above. To apply all of the permissions from another component to this component, select the component to inherit from in the Copy permissions from field. To pass this component's permissions to other components, select the components to pass permissions to in the Copy permissions to field. For example, the image below shows the inheritance configuration for a graphmart:

Changes to graphmart, data layer, and step permissions take effect immediately. Users do not need to log out and log back in, and affected graphmarts do not need to be reloaded or refreshed.
