Skip to main content
 print this page

Dataset Level Access (DLA) [Beta]

Dataset Level Access provides the user/group with access to all the datasets registered (and also datasets created in future) under a specific domain.

The access type will be same as the access providing for the domain:

  • Full access group/user -> owner access
  • Read-only access group/user -> read-only access

Different scenarios considering DLA

  • If user/group domain access is provided then
    • Provides the regular domain access and ALSO provides the DLA (if requested) for the specific domain.
  • If DLA is provided for user/group then
    • Access to all datasets in the domain will be provided.
  • If DLA is revoked for user/group then
    • Revokes ONLY the DLA but not the regular domain access.
    • Datasets access state will be reset to the state earlier to the DLA provision.
  • If user/group domain access is revoked then
    • Revokes the regular domain access and ALSO revokes the DLA (if provided) for the specific domain.
    • Datasets access state will be reset to the state earlier to the DLA provision.

Dataset Level Access can be provided through different ways:

DLA through Groups

User can provide DLA through Groups for the required domains like any other resources i.e. Datasets, Dashboards etc based on the user access to the specific domain. If DLA is provided for any domain in the specific group then it'll be applicable to all the members of the group like any other resource based on the group type.

UI Process

  1. Navigate to Groups listing page.
  2. Click on group options for the required group.
  3. Click on 'Update Resources' and select the 'Resource Type' as Domains.
  4. Select the required domain(s) from the Domains dropdown or proceed with the existing domains in the group.
  5. Above selection will auto-populate 'Domain Dataset Level Access' toggle option for each domain.
  6. Toggle ON against the required domain to provide Dataset Level Access.

The following image shows the provision of DLA for a specific domain through Groups:

DLA through Groups

API Process

API → groups/{group_id}/domains & PUT method

DLA through Groups
    {"DomainNames": [
{"airline": {"IsDatasetLevelAccessProvided": true}},
{"movies": {"IsDatasetLevelAccessProvided": false}}
]}

DLA through specific domain (Authorized Users)

User can provide DLA through Authorized Users of a specific domain. If DLA is provided for any specific user then it'll be provided based on the selected access type.

UI Process

Note

As of Amorphic 1.13, UI for 'DLA through specific domain (Authorized Users)' is not implemented. Only API is available.

API Process

API → domains/{domain_name}/users/{user_id}/grants & POST method

Adding a user without DLA
    {
"AccessType": "owner",
"IsDatasetLevelAccessProvided": false
}

API → domains/{domain_name}/users/{user_id}/grants & PUT method

Adding DLA for a specific user
    {
"AccessType": "read-only",
"IsDatasetLevelAccessProvided": true
}

API → domains/{domain_name}/users/{user_id}/grants & PUT method

Removing DLA for a specific user
    {
"AccessType": "read-only",
"IsDatasetLevelAccessProvided": false
}

API → domains/{domain_name}/users/{user_id}/grants & DELETE method

  • 'Remove user' from specified domain (Authorized Users) API/UI will be same but it'll revoke the DLA if provided along with the regular domain access.

DLA through specific domain (Authorized Groups)

User can provide DLA through Authorized Groups of a specific domain. If DLA is provided for any specific group then it'll be applicable to all the members of the group like any other resource based on the group type.

UI Process

Note

As of Amorphic 1.13, UI for 'DLA through specific domain (Authorized Groups)' is not implemented. Only API is available.

API Process

API → groups/{group_id}/domains & PUT method

Regarding the groups/{group_id}/{resourece} PUT API, it'll be the same whether user performs the action from Authorized Groups or from Groups listing page. So in order to perform any DLA group action on the domain, User need to send all the domains information in the group along with the new update for the specific domain.

DLA through Authorized Groups
    {"DomainNames": [
{"airline": {"IsDatasetLevelAccessProvided": false}}, # Make changes to ONLY this specific domain
{"movies": {"IsDatasetLevelAccessProvided": false}} # Will be same as existing
]}