An Amorphic User is a person/entity registered to the application. User capabilities are determined by the type of role assigned.
Amorphic User section provides the following capabilities:
- List all the existing users in the system.
- View user profile details.
- View a comprehensive list of all the resources owned by a User. Example : What role the user has, datasets created etc.
- Suspend and Delete a User.
The following picture depicts the User Management Console in Amorphic:
Amorphic User contains the following information:
User Metadata Information
|User Name||User Name, which uniquely identifies the registered user.|
|Email Address||Email address of the user which is registered with the Amorphic application|
|Full Name||User's full Name|
|Email Subscription||'Yes' or 'No' depending on the user's subscription to application's email notifications|
|Default Role||User's default role determines what all services that he/she sees when logged in|
|User Creation Date||Timestamp when the role was recently updated.|
|MFA Status||Status of the user's MFA whether it is enabled or disabled|
How are users associated to an role
As part of Amorphic RBAC, every user is provided with a Default role which provides basic application access. Other than the default role, User can be attached to any other custom role by an Administrator. Each user can have one or more roles based on the level of responsibilities.
User has the ability to switch between roles to perform various activities and also can choose a default role (which will be the role after every login) for quicker access to Amorphic services.
Amorphic Users provides the following operations
- View User(s) : View existing Role Metadata Information
- Suspend User : Suspend an existing user.
- Delete User : Delete an existing role.
You can view a User(s) in Amorphic by using the “Users” section under “Management” of Amorphic application. Please find the following animation for quick overview of Users.
If user is unable to see the view User(s) page, you need to repair the User, it might be the case user have some inconsistentancy in Amorphic data.
Following inconsistentancies are repaired:
- Repair UserTable: Removes invalid and inactive groups from user table for the user whom repair is performed
- Repair ResourceGroupsTable: Remove all invalid entries from resource groups table, by checking id present in respective resource table
- Repair GroupsTable: Remove all invalid entries from groups table, invalid items are which do not have isActive, GroupType columns and group_id does not contain a valid user in its name like in g_user1_owner, user1 must be a valid user.
- Redshift Permission Repair: Add permissions for datasets,views,domains in dynamodb from redshift side, Remove unwanted permissions on resources from redshift side, Add/Remove user to redshift groups based on dynamoDB metadata.
- Find User Access Parity issues
We can repair these inconsistentancies using as follows: You can view an Repair User resource metadata in Amorphic by using any user from the “Users” section under “Management” of Amorphic application. Please find the following animation for quick overview of repair User.
Batch Repair User (API Only)
Batch repair user performs user repair for all the users in Amorphic. In addition to the repairs for a single user, the following repairs are done:
- Remove Metadata of Invalid User: Removes metadata of invalid/inactive user from different resource groups table and user dataset table.
- Find User Access Parity issues and execute batch repair and sends email notification.
The API request is as follows:
Resource Path: /users/batch-repair
HTTP Method: PUT
Once batch repair is complete, the user who initiated batch repair will receive an email with repair report.
This option allows an administrator to suspend/de-activate a user temporarily. Please follow the below animation to suspend a user.
User can only delete a suspended User and if the user being deleted has any active resources then the ownership of those resources will be transferred to the selected new user.
This option allows an administrator to Delete a user permanently. Please follow the below images to delete the user.
Once the ownership of resources have been transferred, they can be accessed by the new owner.
Once the deletion is complete, emails are sent to the deleted user, the user who initiated the delete and the new owner of the resources.
The following resource types will be transferred to selected user as part of delete user action:
- Connection Apps
- Datasets (Both owner and read-only)
- DeepSearch Indices
- ML Models
- Entity Recognizers
- Notebooks (ML and ETL)
- Forecast Jobs
- ETL Jobs
- Glue Endpoints
- Shared Libraries
- Schedules (Schedules will be disabled before the transfer)
The following resource types doesn't need ownership transfer during the delete user action as they are at application level and these can be used by anyone registered to the application:
- Data classifications
- Mail Servers
- User Agreements