Managing Datafari Roles and Users

Owned by Cedric
Last updated: 30 Dec, 2020 by Cedric
7 min read

Valid from Datafari 5.0
The documentation below is valid from Datafari 5.0 updwards

If you have properly configured the Active Directory in Datafari, all the AD users will be able to connect to Datafari without further configuration, with the SearchConnectedUser role automatically applied. 

There are three types of users in Datafari, that you can manage from the admin UI:

  • Imported users, which are users managed by an external system (your AD for instance) - Enterprise Edition only

  • Non imported users, which are created and managed directly in Datafari, and exist only there (usually for demo purposes)

  • Datafari Services Users, which are users related to the internal components such as the Apache server, Solr and ELK openDistro.

Forget User (Enterprise Edition only):

Whatever case you are in, the Forget User functionality allows the admin to erase a user from the Datafari system. If we are in an “imported user” scenario, obviously it will not delete the user from the origin system, only from Datafari. This functionality removes all the actions of a user. If we are in a “non imported user” scenario, it will completly delete the user. For Enterprise Edition users, you can find more information in this page: Privacy and Audit - Enterprise Edition

Case 1: you do not have an external system to manage users (no AD for instance)

In this case 1, we are dealing with “non imported Datafari users”. As a Search administrator you may want to add/remove or modify a non imported user for Datafari. This can be done through the admin interface of Datafari, the 'User Management' tab allows you to 'Add' or 'Modify' non imported users:

1.1 Let's start with the 'Add non imported Datafari User'. If you click on this tab, a form will be displayed with some fields to fill :

  • username: Here you can enter the username you want to create or add to the datafari users in case it is an Active Directory user

  • password: the user password

  • retype password: confirm the user password

  • add role: here you can add roles to the user. By default, 3 roles are available:
    - SearchAdministrator: this role give a full access to all the features of Datafari
    - SearchExpert: this role give an access to all the SearchExpert features
    - ConnectedSearchUser: this is the basic user role that allows the user to connect to Datafari
    To add a role, type the first characters of the role, a pop-up suggestion will appear, select the suggestion to confirm the wanted role.
    If you want to remove a role, simply click on the red cross associated to the role.

Once you have fulfilled all the fields, you can click on the 'ADD NON IMPORTED DATAFARI USER' button. If everything is correct, you will have a green message saying 'User Successfully Saved', otherwise you will have a red message telling you what's wrong.

1.2 The 'Manage non imported Datafari Users' tab shows all the users in Datafari that have roles:

In this view you can:

  • Change the password of a user by typing a new password and press the 'Return' key on your keyboard

  • Add or remove roles to a user as in the 'Add User' interface. Adding or deleting a role is immediately taken in account.

Case 2: you have an external system to manage users (an AD for instance) - Enterprise Edition only

In this case 2, we are dealing with “imported Datafari users”. As a Search administrator you may want to remove or modify an imported user for Datafari. This can be done through the admin interface of Datafari, the 'User Management' tab allows you to Manage imported users:

If you have properly configured the Active Directory in Datafari, all the AD users will be able to connect to Datafari without further configuration, with the SearchConnectedUser role automatically applied. This management page is used to assign specific Datafari roles to imported users. Note that you will not see a given imported user until it connected at least once to Datafari.

  • add role: here you can add roles to the user. By default, 3 roles are available:
    - SearchAdministrator: this role give a full access to all the features of Datafari
    - SearchExpert: this role give an access to all the SearchExpert features
    - ConnectedSearchUser: this is the basic user role that allows the user to connect to Datafari
    To add a role, type the first characters of the role, a pop-up suggestion will appear, select the suggestion to confirm the wanted role.
    If you want to remove a role, simply click on the red cross associated to the role.

Valid from 3.1 up to 4.x

The documentation below is valid from Datafari v3.1 upwards

 

As a Search administrator you may want to add/remove or modify a user for Datafari. This can be done through the admin interface of Datafari, the 'User Management' tab allows you to 'Add' or 'Modify' users:

1) Let's start with the 'Add User'. This functionality is meant to add new users to Datafari or to add roles to an existing Active Directory user. If you click on this tab, a form will be displayed with some fields to fill :

  • username: Here you can enter the username you want to create or add to the datafari users in case it is an Active Directory user

  • AD User: check it if you are adding an Active Directory user to give him roles. If this option is checked, the password fields will disappear.

  • password: the user password (this field is not available if you have checked the 'AD User' option)

  • retype password: confirm the user password (this field is not available if you have checked the 'AD User' option)

  • add role: here you can add roles to the user. By default, 3 roles are available:
    - SearchAdministrator: this role give a full access to all the features of Datafari
    - SearchExpert: this role give an access to all the SearchExpert features
    - ConnectedSearchUser: this is the basic user role that allows the user to connect to Datafari
    To add a role, type the first characters of the role, a pop-up suggestion will appear, select the suggestion to confirm the wanted role.
    If you want to remove a role, simply click on the red cross associated to the role.

Once you have fulfilled all the fields, you can click on the 'ADD' button. If everything is correct, you will have a green message saying 'User Successfully Saved', otherwise you will have a red message telling you what's wrong.
When adding an Active Directory user, Datafari will use the AD configuration to test if the user exists before adding it. So a  'User Successfully Saved' message indicates that the user has been found in the Active Directory and the selected Datafari roles added to it (in the Datafari system, not as real Active Directory roles)

2) The 'Modify Users' tab shows all the users in Datafari that have roles. All the Active Directory users that don't have any role are not displayed in this view:

In this view you can:

  • Change the password of a user by typing a new password and press the 'Return' key on your keyboard

  • Add or remove roles to a user as in the 'Add User' interface. Adding or deleting a role is immediately taken in account.