Global User Management
Data Clouds Role Management
The roles that can be managed in the Data Clouds system include:
Role | Effect | Role Capability |
---|---|---|
admin@{id}.dataclouds | Data Clouds instance management, role management | Manage Data Clouds instances, and manage users. |
devops@{id}.dataclouds | Data Clouds instance management | Manage Data Clouds instances |
viewer@{id}.dataclouds | Data Clouds subscription | Perform all query operations on Data Clouds instances |
Managing Permissions for Data Clouds
After logging into the Tacnode platform, select [Data Clouds] - [Specific Data Clouds ID on the right] - [Permission Management], as shown below:
Tree View of Data Clouds Role Relationships
Adding and Removing Users in the Data Clouds Role
Adding Users
- Click [Data Clouds] - [Specific Data Clouds ID on the right] - [Permission Management] to open the permission management panel.
- Click [Authorize User] next to the relevant role on the right side.
- In the pop-up window, enter the email address of the intended user.
- Click the [OK] button.
Authorize Database Login
- Log in to the database as the administrator via psql or another client.
- Only email accounts registered on the Tacnode platform are currently supported. Otherwise, an error message will appear: `ERROR: a role/user named auth@example.com has not been registered yet`.
- If administrator privileges are granted, the system will execute `CREATE USER "auth@example.com" WITH SUPERUSER;`. Misuse of the administrator account is discouraged.
- [Best Practice] For fine-grained authorization, establish a local role in the database and then use the `GRANT` statement. For instance, a BI application necessitates read-only access to all tables in the `erp` schema, while it requires write access to certain result tables in the `bi` schema. Refer to the following configuration:
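One way to write the configuration described above, as an added example rather than Tacnode's own listing. It assumes standard PostgreSQL role and `GRANT` syntax is accepted; the role name `bi_app` and the tables `erp.orders` and `bi.report_results` are hypothetical.

```sql
-- Added example; assumes PostgreSQL-compatible syntax. bi_app, erp.orders and
-- bi.report_results are hypothetical names. Run as the administrator.

-- 1. Database login for the platform account, without SUPERUSER.
--    Skip this if the login already exists. It fails with
--    "has not been registered yet" when the email is unknown to the platform.
CREATE USER "auth@example.com";

-- 2. Local role that carries the privileges; it cannot log in itself.
CREATE ROLE bi_app NOLOGIN;

-- 3. Read-only access to every existing table in erp.
GRANT USAGE ON SCHEMA erp TO bi_app;
GRANT SELECT ON ALL TABLES IN SCHEMA erp TO bi_app;

-- GRANT ... ON ALL TABLES covers only tables that exist now; this statement
-- covers tables the current role creates in erp later.
ALTER DEFAULT PRIVILEGES IN SCHEMA erp GRANT SELECT ON TABLES TO bi_app;

-- 4. Write access limited to the named result table in bi, not the whole schema.
GRANT USAGE ON SCHEMA bi TO bi_app;
GRANT SELECT, INSERT, UPDATE, DELETE ON bi.report_results TO bi_app;

-- 5. Give the user the role's privileges through membership.
GRANT bi_app TO "auth@example.com";

-- 6. Check the user's effective privileges: read and write on erp, write on bi.
SELECT has_table_privilege('auth@example.com', 'erp.orders', 'SELECT')        AS erp_read,
       has_table_privilege('auth@example.com', 'erp.orders', 'INSERT')        AS erp_write,
       has_table_privilege('auth@example.com', 'bi.report_results', 'INSERT') AS bi_write;
```

Because the privileges sit on the role, access for one user can later be withdrawn with `REVOKE bi_app FROM "auth@example.com";` without touching the table grants.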
Removing a User
- Navigate to [Data Clouds] - select the [Specific Data Clouds ID on the right] - then click on [Permission Management] to open the permission management panel.
- Click the red [x] icon next to the relevant user on the right side.
- In the confirmation window that appears, press the [OK] button.
FAQ
- Are custom roles supported?
Currently, Tacnode does not allow for user-defined roles.
- Is it possible to modify the inheritance relationship of roles in the system?
No, the inheritance relationships of the system's default roles in Tacnode cannot be altered; however, the inheritance relationships for users can be changed.
- How do I identify the inheritance relationship of roles?
In the role display list, [User/Role] shows the members that inherit the current role. A red [x] mark appears to the right of a general user; members without it are system roles.
- What does the error `ERROR: a role/user named auth@example.com has not been registered yet` mean when adding database access?
This error indicates that you should register your email address with the platform before adding database access.