Introduction to Graphmart and Data Layer Sharing

This topic introduces you to the concepts that are helpful to know when working with Graphmart and Data Layer permissions. It also gives of overview of the Graphmart Sharing settings in the user interface and describes the predefined permission sets and associated privileges for users and groups.

Default Access Configuration

When a new Graphmart is created, the access control configuration of that Graphmart is defined by the Graphmarts Registry Default Access Policy that is configured by your administrator (see Managing Default Access Policies for information). Users who have permission to modify Graphmart access (as granted by the Default Access Policy) can share that Graphmart with other users and groups.

Configuration vs. Data Access Control

Graphmart and Data Layer sharing is managed on two levels: Configuration and Data Access. When managing access at the Configuration level, you are controlling who can view or modify the configuration of the Graphmart, such as who can edit the Graphmart settings on the Overview tab, who can enable, disable, modify, or add Data Layers, and who can view or modify the Graphmart permissions. The Data Access configuration controls who can view the data that is contained within the Graphmart.

Permission Inheritance

When assigning Configuration and Data Access permissions at the Graphmart level, you can configure the Graphmart to inherit the permissions from another artifact and/or pass on its permissions to additional artifacts. For example, you can configure one Graphmart to pass its permissions to other Graphmarts. Inheritance transmits all of the artifact's permissions for all users and groups.

Since Data Layers are created in Graphmarts, they inherit their permissions from the Graphmart by default—with one exception: Layers with Load Data Steps inherit their Data Access permissions from the Dataset. Data on Demand endpoints also inherit their permissions from the parent Graphmart by default.

The inheritance settings are displayed at the top of the Configuration and Data Access tabs on the Graphmart Sharing screen.

Configuration Inheritance

The image below shows a Graphmart Configuration tab with the default inheritance settings. The Inherit permissions from field is blank because the Graphmart is configured to follow the Default Access Policy. The Pass permissions to field lists any Data Layers ("Tickets to Store" in the image), Steps ("Load Tickets to Store"), and Data on Demand endpoints ("Venues") that inherit their Configuration permissions from the Graphmart.

If this Graphmart had associated backup Versions, those Versions would also be listed in the Pass permissions to field.

Data Access Inheritance

The image below shows the Data Access tab for the same Graphmart. The Graphmart Level View Permissions are set to Inherit from Graphmart by default. And Default Layer View Permissions (for new Layers) is also set to Inherit from Graphmart.

The Default Layer View Permissions (for new Layers) field sets the inheritance for new, user-created Data Layers. Anzo-created Load Data Layers inherit permissions from the Load Step's Dataset by default.

Below the inheritance settings, the Permissions Overview provides a detailed view of the permission inheritance for each Data Layer and Data on Demand endpoint in the Graphmart.

User and Group Configuration Permissions

Graphmart Configuration permissions control who can view or modify the Graphmart settings, who can enable, disable, modify, or add Data Layers, and who can view or modify the Graphmart permissions. There are three predefined permission sets that can be applied to a user or group. The permission sets include a combination of six permissions. You also have the option to customize the set of permissions that are applied to a user or group.

The table below lists the predefined permission sets and describes the privileges that are granted for each permission that is part of the set:

Set Permission Allows a user to:
View View
  • See the Graphmart in the Anzo application.
  • Copy the Graphmart URI from the Overview tab.
  • Copy Data Layer URIs from the Data Layers tab.
  • See the existing Data on Demand endpoints on the Data on Demand tab.
  • View and clone the Dataset Editions that are included in the Graphmart.
  • Reload and refresh the Graphmart.
  • Create and import Graphmart versions.
Meta View
  • This permission relates only to the Graphmart Sharing tab. A user with this permission can see the Sharing tab, but they cannot modify, add, or remove permissions.
  Modify In addition to the View and Meta View permissions described above, the Modify set includes the Add/Edit and Delete permissions described below.
Add/Edit
  • Rename the Graphmart and edit the description.
  • Create Data on Demand endpoints.
  • Add Datasets to the Graphmart.
  • Enable, disable, add, or edit Data Layers and Steps.
  • Activate and deactivate the Graphmart.
Delete
  • Remove Datasets from the Graphmart.
  • Delete Data Layers and Steps from the Graphmart.
  • Cannot delete the Graphmart.
  Admin In addition to the View, Meta View, Add/Edit, and Delete permissions described above, the Admin set includes the Meta Add/Edit and Meta Delete permissions described below.
Meta Add/Edit
  • This permission relates only to the Graphmart Sharing tab. A user with this permission can modify the sharing settings by adding permissions to a user or group.
Meta Delete
  • Modify the sharing settings by removing permissions from a user or group.
  • Delete the Graphmart.
Related Topics