Skip to main content
 print this page

Dataset Level Access (DLA)

Dataset Level Access provides the user/group with access to all the datasets registered (and also datasets created in future) under a specific domain.

The access type will be same as the access providing for the domain:

  • Full access group/user -> owner access
  • Read-only access group/user -> read-only access
Note

Only a user with owner permissions on a domain can provide DLA on the domain to other users/groups.

Different scenarios considering DLA

  • If user/group domain access is provided then
    • Provides the regular domain access and ALSO provides the DLA (if requested) for the specific domain.
  • If DLA is provided for user/group then
    • Access to all datasets in the domain will be provided.
  • If DLA is revoked for user/group then
    • Revokes ONLY the DLA but not the regular domain access.
    • Datasets access state will be reset to the state earlier to the DLA provision.
  • If user/group domain access is revoked then
    • Revokes the regular domain access and ALSO revokes the DLA (if provided) for the specific domain.
    • Datasets access state will be reset to the state earlier to the DLA provision.
Note
  • For LF datasets, Dataset Level Access will be only given to existing datasets and no future datasets.
  • Dataset Level Access will not provide access for TBAC enabled datasets.

Dataset Level Access can be provided through different ways:

DLA through Groups

User can provide DLA through Groups for the required domains like any other resources i.e. Datasets, Dashboards etc based on the user access to the specific domain. If DLA is provided for any domain in the specific group then it'll be applicable to all the members of the group like any other resource based on the group type.

UI Process

  1. Navigate to Groups listing page.
  2. Click on group options for the required group.
  3. Click on 'Update Resources' and select the 'Resource Type' as Domains.
  4. Select the required domain(s) from the Domains dropdown or proceed with the existing domains in the group.
  5. Above selection will auto-populate 'Domain Dataset Level Access' toggle option for each domain.
  6. Toggle ON against the required domain to provide Dataset Level Access.

The following image shows the provision of DLA for a specific domain through Groups:

DLA through Groups

API Process

API → groups/{group_id}/domains & PUT method

DLA through Groups
    {"DomainNames": [
        {"airline": {"IsDatasetLevelAccessProvided": true}},
        {"movies": {"IsDatasetLevelAccessProvided": false}}
    ]}

DLA for user through specific domain (Resource Sharing)

User can provide DLA through Resource Sharing of a specific domain. If DLA is provided for any specific user then it'll be provided based on the selected access type.

UI Process

  1. Navigate to Domain details page for the specific domain.
  2. Click on share options for the domain.
  3. Click on 'Provide Access' button and select the User and the Access Type to provide.
  4. Toggle ON the 'Add Dataset level access' option.
  5. Click on the checkmark icon

The following image shows the provision of DLA for a user through the specific domain's details page: DLA for user

To provide DLA to a user/group that already has access to the domain, click on the 'Provide Dataset Access' option in the Share domain panel. Provide DLA

To revoke DLA from a user/group without removing the domain permissions, click on the 'Revoke Dataset Access' option in the Share domain panel. Revoke DLA

API Process

API → domains/{domain_name}/users/{user_id}/grants & POST method

Adding a user without DLA
    {
        "AccessType": "owner",
        "IsDatasetLevelAccessProvided": false
    }

API → domains/{domain_name}/users/{user_id}/grants & PUT method

Adding DLA for a specific user
    {
        "AccessType": "read-only",
        "IsDatasetLevelAccessProvided": true
    }

API → domains/{domain_name}/users/{user_id}/grants & PUT method

Removing DLA for a specific user
    {
        "AccessType": "read-only",
        "IsDatasetLevelAccessProvided": false
    }

API → domains/{domain_name}/users/{user_id}/grants & DELETE method

  • 'Remove user' from specified domain (Authorized Users) API/UI will be same but it'll revoke the DLA if provided along with the regular domain access.

DLA for group through specific domain (Resource Sharing)

User can provide DLA through the share option of a specific domain. If DLA is provided for any specific group then it'll be applicable to all the members of the group like any other resource based on the group type.

UI Process

The UI process is similar to the process followed for a user. Select the group instead of user here.

The following image shows the provision of DLA for a group through the specific domain's details page: DLA through domain

API Process

API → groups/{group_id}/domains & PUT method

Regarding the groups/{group_id}/{resource} PUT API, it'll be the same whether user performs the action from Authorized Groups or from Groups listing page. So in order to perform any DLA group action on the domain, User need to send all the domains information in the group along with the new update for the specific domain.

DLA through Authorized Groups
    {"DomainNames": [
        {"airline": {"IsDatasetLevelAccessProvided": false}}, # Make changes to ONLY this specific domain
        {"movies": {"IsDatasetLevelAccessProvided": false}} # Will be same as existing
    ]}
Tags:
Last updated on by Abdul Khader