Introduction to Graphmart and Data Layer Sharing
This topic introduces you to the concepts that are helpful to know when working with Graphmart and Data Layer permissions. It also gives of overview of the Graphmart Sharing settings in the user interface and describes the predefined permission sets and associated privileges for users and groups.
- Default Access Configuration
- Configuration vs. Data Access Control
- Permission Inheritance
- User and Group Configuration Permissions
Default Access Configuration
When a new Graphmart is created, the access control configuration of that Graphmart is defined by the Graphmarts Registry Default Access Policy that is configured by your administrator (see Managing Default Access Policies for information). Users who have permission to modify Graphmart access (as granted by the Default Access Policy) can share that Graphmart with other users and groups.
Configuration vs. Data Access Control
Graphmart and Data Layer sharing is managed on two levels: Configuration and Data Access. When managing access at the Configuration level, you are controlling who can view or modify the configuration of the Graphmart, such as who can edit the Graphmart settings on the Overview tab, who can enable, disable, modify, or add Data Layers, and who can view or modify the Graphmart permissions. The Data Access configuration controls who can view the data that is contained within the Graphmart.
Permission Inheritance
When assigning Configuration and Data Access permissions at the Graphmart level, you can configure the Graphmart to inherit the permissions from another artifact and/or pass on its permissions to additional artifacts. For example, you can configure one Graphmart to pass its permissions to other Graphmarts. Inheritance transmits all of the artifact's permissions for all users and groups.
Since Data Layers are created in Graphmarts, they inherit their permissions from the Graphmart by default—with one exception: Layers with Load Data Steps inherit their Data Access permissions from the Dataset. Data on Demand endpoints also inherit their permissions from the parent Graphmart by default.
The inheritance settings are displayed at the top of the Configuration and Data Access tabs on the Graphmart Sharing screen.
Configuration Inheritance
The image below shows a Graphmart Configuration tab with the default inheritance settings. The Inherit permissions from field is blank because the Graphmart is configured to follow the Default Access Policy. The Pass permissions to field lists any Data Layers ("Tickets to Store" in the image), Steps ("Load Tickets to Store"), and Data on Demand endpoints ("Venues") that inherit their Configuration permissions from the Graphmart.
If this Graphmart had associated backup Versions, those Versions would also be listed in the Pass permissions to field.
Data Access Inheritance
The image below shows the Data Access tab for the same Graphmart. The Graphmart Level View Permissions are set to Inherit from Graphmart by default. And Default Layer View Permissions (for new Layers) is also set to Inherit from Graphmart.
The Default Layer View Permissions (for new Layers) field sets the inheritance for new, user-created Data Layers. Anzo-created Load Data Layers inherit permissions from the Load Step's Dataset by default.
Below the inheritance settings, the Permissions Overview provides a detailed view of the permission inheritance for each Data Layer and Data on Demand endpoint in the Graphmart.
User and Group Configuration Permissions
Graphmart Configuration permissions control who can view or modify the Graphmart settings, who can enable, disable, modify, or add Data Layers, and who can view or modify the Graphmart permissions. There are three predefined permission sets that can be applied to a user or group. The permission sets include a combination of six permissions. You also have the option to customize the set of permissions that are applied to a user or group.
The table below lists the predefined permission sets and describes the privileges that are granted for each permission that is part of the set:
Set | Permission | Allows a user to: |
---|---|---|
View | View |
|
Meta View |
|
|
Modify | In addition to the View and Meta View permissions described above, the Modify set includes the Add/Edit and Delete permissions described below. | |
Add/Edit |
|
|
Delete |
|
|
Admin | In addition to the View, Meta View, Add/Edit, and Delete permissions described above, the Admin set includes the Meta Add/Edit and Meta Delete permissions described below. | |
Meta Add/Edit |
|
|
Meta Delete |
|