Manage global roles, user groups, and settings
Last modified on 15-Oct-24
To manage the actions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions.
These roles and groups and their associated permissions enforce limits on the abilities for users to access or make changes to resources, or to make additions and changes to organization settings and default access permissions.
About roles, groups, and permissions
Global roles and permissions
Manage organization settings
Add multiple organizations
View users
Manage user groups
Manage global roles
Access and audit trail
Go further
About roles, groups, and permissions
Soda Cloud makes use of roles, groups, and permissions to manage user access to functionalities, such as alert notifications, and resources, such as datasets and data sources, in the organization. The following table defines the terminology Soda Cloud uses.
| Term | Description |
|---|---|
| User | Refers to anyone with access to a Soda Cloud account, or organization. Users may belong to multiple Soda Cloud organizations, as when teams set up separate organizations for staging, development, and production environments; see Add multiple organizations. You can invite a person to join your Soda Cloud account as a user (your avatar > Invite Users), or you can use an SSO integration to manage your team’s access to a Soda Cloud account. |
| User Group | Refers to a named collection of individual users in a Soda Cloud account. If you use an SSO integration to manage your team’s access to Soda Cloud, you can optionally choose to synchronize the user groups you have defined in your identity provider (Okta, Azure AD, etc.) and assign roles to those synched user groups in Soda Cloud. |
| Role | Refers to a named set of permissions that, when assigned to a user or user group, define how the user or group may access or act upon resources or functionalities in Soda Cloud. Roles in Soda Cloud exist at either a global or dataset level. Read more |
| Permission | Refers to a rule that governs an activity or access as it relates to a resource or functionality in Soda Cloud. |
| Permission group | Refers to a named set of permissions. When you create a new global or dataset role in Soda Cloud, you add permission groups, instead of individual, granular permissions. For example, you can assign the permission group , “Manage scan definitions” to a custom global role called “Engineers”, giving users or user groups who are assigned this role the ability to create, edit, or delete scan definitions for a data source. |
| Responsibilities | Refers to a subset of role-based access controls for newly-onboarded datasets. These settings determine inclusion in the Everyone user group and the roles Dataset Owners get for newly-onboarded datasets; see Assign dataset roles. |
| License | Refers to a legacy billing model that encourages unlimited Viewers with read-only access to Soda Cloud, and some Authors with read-write access to resources and functionality. |
Roles
There are two type of roles that regulate permissions in Soda Cloud: Global and Dataset. You can assign each type of role to users or user groups in Soda Cloud to organize role-based access control to resources and functionality in your account. You can also customize the permissions of the out-of-the-box roles Soda Cloud includes, or you can create new roles and assign permissions to roles as you wish.
| Type of role | Description | OOTB roles | Permissions |
|---|---|---|---|
| Global | Regulates permissions to access account-level functionalities and resources such as notification rules, integrations, and scan definitions. | Admin User | Global roles and permissions |
| Dataset | Regulates permissions to access, and act upon, individual datasets. | Manager Editor Viewer | Dataset roles and permissions |
Global roles and permissions
By default, when a new user accepts an invitation to join an existing Soda Cloud organization, or when they gain access to an organization via SSO, Soda Cloud applies the the global role of User in the organization. If you are the first user in your organization to sign up for Soda Cloud, you become a global Admin for the account by default. Note, you can have more than one global Admin user in a Soda Cloud account.
The following table outlines the permission groups for each out-of-the-box global role.
| Permission group | Permissions | Admin | User |
|---|---|---|---|
| Create agreements | • Create new agreements | ✓ | ✓ |
| Create new datasets and data sources with Soda Library | • Create datasets through Soda Library for an existing data source | ✓ | ✓ |
| Manage attributes | • Create, edit, or delete check attributes | ✓ | |
| Manage data sources and agents | • Add, edit, or delete a new data source in Soda Cloud • Add, edit, or delete a new data source via Soda Library • Add, edit, or delete a self-hosted Soda agent | ✓ | |
| Manage notification rules | • Create, edit, or delete notification rules | ✓ | ✓ |
| Manage organization settings Read more | • Manage organization settings • Deactivate users • Create, edit, or delete user groups • Create, edit, or delete dataset roles • Create, edit, or delete global roles • Assign global roles to users or user groups • Add, edit, or delete integrations • Access and download the audit trail | ✓ | |
| Manage scan definitions | • Create, edit, or delete scan definitions. | ✓ | ✓ |
| n/a 1 | • Read-write access to all agreements • Read-write access to all datasets | ✓ |
1 Global admin users have these permissions, but you cannot add this nameless permission group to a custom global role.
Manage organization settings
As a user with the permission to do so, login to your Soda Cloud account and navigate to your avatar > Organization Settings. Use the table below as reference for the tasks you can perform within each tab.
| Tab | Tasks |
|---|---|
| Organization | • Adjust the name of the organization. • Review the type of Soda Cloud Plan to which your organization subscribes. • Adjust enablement settings for data sampling, access to a Soda-hosted Agent, and access to Soda AI features in your account. |
| Users | • View a list of people who have access to the Soda Cloud account. • Review each user’s License status as an Author or Viewer, their access to Admin permissions, and the user groups to which they belong. • Reset a user’s password • Deactivate a user’s account. |
| User Groups | Create and manage custom groups of users in your Soda Cloud organization; see Create custom user groups. |
| Global Roles | • View create, edit, or delete out-of-the-box or custom global roles. • View the users or user groups assigned to each global role. |
| Dataset Roles | • View create, edit, or delete out-of-the-box or custom dataset roles. • View or edit the datasets that use each dataset role. • Review or edit Responsibilities for newly onboarded datasets; see Assign dataset roles. |
| Integrations | Connect Soda Cloud to your organization’s Slack workspace, MS Team channel, or other third-party tool via webhook. |
| Audit Trail | Download a CSV file that contains user audit trail information. |
Add multiple organizations
You may find it useful to set up multiple organizations in Soda Cloud so that each corresponds with a different environment in your network infrastructure, such as production, staging, and development. Such a setup makes it easy for you and your team to access multiple, independent Soda Cloud organizations using the same profile, or login credentials.
Note that Soda Cloud associates any API keys that you generate within an organization with both your profile and the organization in which you generated the keys. API keys are not interchangeable between organizations.
Contact support@soda.io to request multiple organizations for Soda Cloud.
View users
A few Soda Cloud legacy licensing models include a specific number of Author licenses for users of the Soda Cloud account. A user’s license status controls whether they can make changes to any datasets, checks, and agreements in the Soda Cloud account.
- Authors essentially have read-write access to Soda Cloud resources and functionalities, and maintain the dataset role of Admin, Manager, or Editor.
- Viewers essentially have read-only access to Soda Cloud resources and maintain the dataset role of Viewer.
- To review the licenses that your users have, as a user with permission to do so, login to your Soda Cloud account and navigate to your avatar > Organization Settings.
- Access the Users tab to view a list of people who have access to your Soda Cloud account, including:
- the license each user has, if relevant
- the user groups they belong to
- if they have global Admin permissions
- Click a user’s Author or Viewer label in the License column to access a Responsibilities window that lists the user’s access to resources (datasets, agreements, and checks), the role they hold for each resource, and their license status relative to the resource.
Manage user groups
Create or edit user groups in Soda Cloud to manage global and dataset role-based permissions to resources.
As a user with permission to do so, navigate to your avatar > Organization Settings, then access the User Groups tab. Click Create User Group, then follow the guided workflow to create a group and add individual members. Once created, assign the user group to any of the following resources.
- In the User Groups tab, assign an out-of-the-box or custom global role to user groups instead of individually assigning global roles to users.
- In Edit Dataset Responsibilities, add a user group as a member and assign it a dataset role to control the way users in the group access or act upon the dataset.
- Assign user groups as alert notification rules recipients to make sure the right team, with the right permissions for the dataset(s), gets notified when checks warn or fail.
- For redundancy, assign dataset ownership to user groups instead of individual users.
- Add a user group to a discussion in Soda Cloud so the whole team can review newly-proposed no-code checks.
- Add user groups as stakeholders in an agreement so that whole teams can collaborate on the expected state of data quality for one or more datasets.
If you use an SSO integration to manage your team’s access to Soda Cloud, you can optionally choose to synchronize the user groups you have defined in your identity provider (Okta, Azure AD, etc.) and assign roles to those synched user groups in Soda Cloud. See: Sync user groups from an IdP
Manage global roles
Create or edit global and dataset roles to assign to users or user groups in Soda Cloud.
As a user with permission to do so, navigate to your avatar > Organization Settings, then access the Global Roles tab. Click Add Global Role, then follow the guided workflow to name a role and add permissions groups. Refer to the table above for a list of permissions groups, and their associated permissions, that you can assign to global roles.
To associate individual users or user groups with global roles, you can do so in one of two ways:
- Add users or groups to role: Navigate to your avatar > Organization Settings. In the Global Roles tab, click the stacked dots next to the role to which you wish to assign to users or groups and select Assign Members.
- Add role to user or group: Navigate to your avatar > Organization Settings. In the Users tab or User Groups, click the stacked dots next to the user or group to which you wish to assign a particular global role and select Assign Global Roles.
Access an audit trail
To meet your organization’s regulatory and policy mandates, you can download a CSV file that contains an audit trail of activity on your Soda Cloud account for a date range you specify. The file contains details of each user’s actions, their email and IP addresses, and a timestamp of the action. An Admin is the only account-level role that can access an audit trail for a Soda Cloud account.
- As a user with the permission to do so, login to your Soda Cloud account and navigate to your avatar > Organization Settings. Only Admins can view Organization Settings.
- Access the Audit Trail tab, then set the date range of usage details you wish to examine and click Download.
Alternatively, you can use the Audit Trail endpoint in Soda Cloud’s Reporting API to access audit trail data.
Go further
- Need help? Join the Soda community on Slack.
- Learn more about the relationship between resources in Soda’s architecture.
- Organize your datasets to facilitate your search for the right data.
- Invite colleagues to join your organization’s Soda Cloud account.
- Learn more about creating and tracking Soda Incidents.
Was this documentation helpful?
What could we do to improve this page?
- Suggest a docs change in GitHub.
- Share feedback in the Soda community on Slack.
Documentation always applies to the latest version of Soda products
Last modified on 15-Oct-24