Groups and Permission

Groups and Permission


Overview

Groups and Permissions in Matillion ETL allow admin users to specify what parts of the client each user may access. With this feature, admin users can define sets of permissions, allocate these permissions to specific permission groups and divide users into these group—confering the group's permissions on each user.

Once user permissions have been configured, if a user lacks the necessary permission(s) to access a resource, it will be greyed-out within the Matillion ETL instance and accompanied by a tooltip stating the permission required to access the resource.

Important Information

  • This is an Enterprise Mode Only feature.
  • This feature will only become available after security has been configured on the Matillion ETL instance via Admin User Configuration.

Manage Groups

  1. Admin users (and only admin users) can create, edit and remove an unlimited number of groups through the Manage Groups pop-up window. To open this window, click Admin Manage Groups.

    Admin Menu

    Admin Menu

  2. In the Manage Groups pop-up window, Matillion ETL provides several default groups to be used "out of the box", including:

    • Reader: may view the project and almost all parts of the instance including API Profiles, Credentials, OAuths, Jobs and Variables—however, none of these may be edited
    • Reader with Comments: all "reader" permissions with the ability to write notes to annotate jobs
    • Runner: all "reader" permissions with with the ability to run jobs as well as the individual components within—however, schedules cannot be edited or executed
    • Scheduler "runner" permissions with the ability to edit and execute schedules and related areas such as Credentials, Drivers and OAuths
    • Writer: view, edit and execute all parts of Matillion ETL—however, may not delete Projects and Versions

    Please Note

    These default groups can be edited and / or removed as required.

  3. Click to add a new permission group, click to edit an existing permission group, or to remove an existing permission group.

    Manage Groups

    Manage Groups

  4. Clicking either button will open the Edit Permission Group pop-up window. Provide or edit the name of the group in the Group Name field. Then, click to add roles to the Role Name list, or highlight a role and click to remove it. Once all roles have been configured, click OK.

    Please Note

    Matillion ETL instance roles configured in external security can also be specified as members of internal permission groups—for example, listing the METL Access role name in a permission group will give it the additional internal permissions associated with the group.

    Edit Permission Group

    Edit Permission Group

  5. On returning to the Groups pop-up window, click to the right of the group name to add users to that group.

    Add users to groups

    Add users to groups

  6. The Manage Members pop-up window will open and feature a list of users. Ticking the checkbox to the right of a user's name will add them as a "member" to the current group. User can be added as members to more than one permission group, allowing for more nuanced user permissions.

    Please Note

    Only users who have already logged into the current Matillion ETL instance will be included on this list.

    Manage Members

    Manage Members


Manage Permissions

  1. Admin users can manage permission settings for each permission group created in the Manage Permissions pop-up window. To open this window, click Admin Manage Permissions.

    Admin Menu

    Admin Menu

  2. In the Permissions pop-up window, to manage the permissions of a group, click to the right of the name of the group .

    Permissions

    Permissions

  3. Within the Permissions pop-up window of the selected group, a hierarchical list of all permissions in Matillion ETL can be found. To search for a permission, a search field above the list is also provided, accompanied by three radio buttons to specify whether to search for a permission Name, State or Expected State.

  4. Changing the State of any permission will affect that resource's availability to members within the current group. Available permission states include:

    • Granted: the permission is available to members of the group and will override a "Forbidden" Expected State
    • Forbidden: the permission is unavailable to members of the group and will override a "Granted" Expected State
    • Unspecified: the permission defers to its Expected State value

    Please Note

    The permission State can be set for individual permissions, resource permissions, entire sets of resources and even all user permissions.

    Group Permissions

    Group Permissions


View Permissions

A full list of the current user's permission states can then be viewed (only) by any user when clicking Help View Permissions.

Help Menu

Help Menu



​Video