Groups and Permission
Groups and Permissions in Matillion ETL allow admin users to specify what parts of the client each user may access. With this feature, admin users can define sets of permissions, allocate these permissions to specific permission groups and divide users into these group—confering the group's permissions on each user.
Once user permissions have been configured, if a user lacks the necessary permission(s) to access a resource, it will be greyed-out within the Matillion ETL instance and accompanied by a tooltip stating the permission required to access the resource.
- This is an Enterprise Mode Only feature.
- This feature will only become available after security has been configured on the Matillion ETL instance via Admin → User Configuration.
Admin users (and only admin users) can create, edit and remove an unlimited number of groups through the Manage Groups pop-up window. To open this window, click Admin → Manage Groups.
In the Manage Groups pop-up window, Matillion ETL provides several default groups to be used "out of the box", including:
- Reader: may view the project and almost all parts of the instance including API Profiles, Credentials, OAuths, Jobs and Variables—however, none of these may be edited
- Reader with Comments: all "reader" permissions with the ability to write notes to annotate jobs
- Runner: all "reader" permissions with with the ability to run jobs as well as the individual components within—however, schedules cannot be edited or executed
- Scheduler "runner" permissions with the ability to edit and execute schedules and related areas such as Credentials, Drivers and OAuths
- Writer: view, edit and execute all parts of Matillion ETL—however, may not delete Projects and Versions
These default groups can be edited and / or removed as required.
Click to add a new permission group, click to edit an existing permission group, or to remove an existing permission group.
Clicking either button will open the Edit Permission Group pop-up window. Provide or edit the name of the group in the Group Name field. Then, click to add roles to the Role Name list, or highlight a role and click to remove it. Once all roles have been configured, click OK.
Matillion ETL instance roles configured in external security can also be specified as members of internal permission groups—for example, listing the METL Access role name in a permission group will give it the additional internal permissions associated with the group.
On returning to the Groups pop-up window, click to the right of the group name to add users to that group.
The Manage Members pop-up window will open and feature a list of users. Ticking the checkbox to the right of a user's name will add them as a "member" to the current group. User can be added as members to more than one permission group, allowing for more nuanced user permissions.
Only users who have already logged into the current Matillion ETL instance will be included on this list.
Admin users can manage permission settings for each permission group created in the Manage Permissions pop-up window. To open this window, click Admin → Manage Permissions.
In the Permissions pop-up window, to manage the permissions of a group, click to the right of the name of the group .
Within the Permissions pop-up window of the selected group, a hierarchical list of all permissions in Matillion ETL can be found. To search for a permission, a search field above the list is also provided, accompanied by three radio buttons to specify whether to search for a permission Name, State or Expected State.
Changing the State of any permission will affect that resource's availability to members within the current group. Available permission states include:
- Granted: the permission is available to members of the group and will override a "Forbidden" Expected State
- Forbidden: the permission is unavailable to members of the group and will override a "Granted" Expected State
- Unspecified: the permission defers to its Expected State value
The permission State can be set for individual permissions, resource permissions, entire sets of resources and even all user permissions.
A full list of the current user's permission states can then be viewed (only) by any user when clicking Help → View Permissions.