Skip to main content
Skip table of contents

Configure User Permissions

Once you have created some user accounts, you need to give those users permission to access datasets. Typically, you will find it easiest to manage permissions by adding users to groups and then giving those groups the appropriate permissions, rather than trying to manage permissions on a per-user basis.

You are recommended to outline the permissions on paper before you start allocating permissions in SuperADMIN. This will help you to define the appropriate group structure and allocate permissions accordingly.

You can apply permissions to any item in the catalogue, including whole datasets, folders and individual fields or value sets. For more information about applying permissions at the field level, see Configure Field Level Security.

If you have configured SuperADMIN to use an external authentication service (such as LDAP or Active Directory), then in order to manage user and group permissions you must be logged in to SuperADMIN as a user who has been authenticated via the external authentication service. The user account must also be a member of the administrators group for that authentication service (i.e., it must be a user that belongs to the administrator group you specified using the auth <service_name> adminGroup <group> command when you set up the external authentication service).

Configure Permissions

To configure permissions, use the following command:

TEXT 
cat {<dataset_id>|<folder_id>} [ <item> ] access {<user>|<group>} {read|write|readpermissions|writepermissions} {true|false}

Where:

ParameterDescription
{<dataset_id>|<folder_id>}

The ID of the dataset or folder you are applying the permission to.

<item>

(Optional): the ID of an item within the dataset to apply security to. If you omit this, the permission is applied to the whole dataset.

The item can be a field, summation option, value, or value set (see these instructions for more information about configuring Field Level Security).

{<user>|<group>}

The user or group this setting applies to.

{read|write|readpermissions|writepermissions}

The permission to apply:

  • read - the user can read/view the catalogue item. You must give users read access to at least one dataset.
  • write - the user can write/edit/change the catalogue item (although not the data itself, this is read only).
  • readpermissions - the user can use SuperADMIN to see what permissions other users have.
  • writepermissions - the user can use SuperADMIN to change other users' permissions over the catalogue item.

See below for more details about the four user permissions.

{true|false}
  • Set to true to allow access for the specified user or group.
  • Set to false to deny access for the specified user or group.

For example, the following code gives the user jsmith read access to the entire Retail Banking dataset (ID: bank):

TEXT 
cat bank access jsmith read true

Check Permissions

There are two main ways to check the current permissions:

  • You can check what permissions a user or group have for a particular catalogue item using the following command:

    TEXT 
    cat {<dataset_id>|<folder_id>} [ <item> ] access {<user>|<group>}

    For example:

    TEXT 
    > cat bank access standardusers
[Access Settings : standardusers]
    read         : true
    write        : false
    r/permission : false
    w/permission : false

  • You can check which users and groups have permissions explicitly set for any item in the catalogue (such as a dataset, table, folder, record group, etc) using the following command:

    TEXT 
    cat <id> permissions

    For example:

    TEXT 
    > cat bank permissions
[Access Settings : guest, user2, standardusers, jsmith (Inheritable:true) ]
    read         : true

> cat MyFolder permissions
[Access Settings : jsmith (Inheritable:true) ]
    read         : true

The command cat <id> permissions only reports permissions that have been explicitly set for that item. It does not indicate inherited permissions (for example, if this is a dataset in a folder, the results will only tell you about permissions explicitly set at the dataset level, not any permissions that are set at the folder level, and which are being inherited by the dataset.

When you check the permissions for a specific user or group using the cat <id> access command, however, this will tell you that user or group's exact permissions over the item, taking into account inheritance.


Read and Write Permissions

There are four types of permission you can assign to users: read, write, readpermissions and writepermissions.

Standard users should only be given the read permission. This allows the user to access the dataset for cross tabulation using one of the SuperSTAR clients.

The other three permission levels are intended for administrator users only:

  • Users with write access to the dataset can amend the dataset settings in the SuperADMIN console (for example, they can change the dataset display name).
  • Users with readpermission access to the dataset can use SuperADMIN to see what permissions other users have.
  • Users with writepermission access to the dataset can use SuperADMIN to change user permissions on the dataset.

The data in the datasets is read-only. Users cannot change any of the underlying data, regardless of their permissions.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close