Identity and Access Management (IAM)
This section is a walk-through on creating and managing users and groups within the platform, and how to set various access levels for existing projects.
The configuration and management of users and groups is accomplished via the IAM. To access the IAM, click on the Settings icon on the far left ribbon, and then on the Key icon to enter the IAM dashboard. The dashboard has two side tabs, one for the creation and configuration of individual users, and one for groups.
Within the main pane of the dashboard, all users created are listed in a table. The Groups column indicates how many groups a user belongs to, and upon pressing the number icon, all corresponding group names will display. You can move to the details pane of a particular group by selecting its name from the list.
Creating a New User
New users can only be created by a login with Admin credentials. To add a new user to the system, click on the Create User button and fill in the corresponding information.
The user will be prompted to change their password the first time they log in to Kaholo. Passwords require a minimum of eight characters, and need to contain at least one number and one symbol.
The User Panel
Selecting a user name will bring you to the User’s information pane.
The user pane contains three tabs:
- Policies – inherited from the groups that the user belongs. Read more about policies in the Setting Policies section below.
- Groups – all the groups to which the user belongs.
- Settings – includes the user’s email, phone, and password. A check-mark will appear next to the user name if they are required to change their password at the next logging in.
The Group Panel
When pressing on the Groups tab on the left, the Group panel will populate with a list of groups created.
The Groups table contains:
- Group name – clicking on the group will move you to the Group information pane.
- Number of users in this group – to view user names. Clicking on an individual user will transfer you to the User Information pane.
- Actions – the ability to delete a group.
*** Currently, there is no “group inside a group” capability in Kaholo.
The Group pane contains three tabs:
- Policies – An orange-colored checkbox indicates that the policy was inherited through the group that the user belongs to, and cannot be edited. When a checkbox is blue, it means that the policy can be edited.
- Users – All the users which attached to the group.
- Group settings – Contains group’s name and description and the ability to delete the group.
When a user logs in to Kaholo they can only see the pipelines they create, or projects/pipelines that are manually assigned to them by an Admin.
Policy permissions are defined by three primary categories:
- Empty box – access denied
- Half-filled (blue triangle) – indicates partial access rights, with some permissions enabled and others disabled.
- Checked (filled blue box) – full access
You can set access levels to the project tree as follows:
- The highest level is the ability to create a project.
- For each project it is possible to share with other users under various permissions: Read only (can’t save), Update (permission to save changes), Delete (ability to delete the entire project), Archive (project), and Create Map. Note that if any of the permissions are selected, the checkbox for Read is added automatically.
- For each pipeline within a project it is possible to assign permissions – Read (inability to edit), Update (permission to save changes), Delete (ability to delete the pipeline), Archive (pipeline) and Execute (pipeline). Here as well, if any of the permissions are selected, the checkbox for Read is added automatically.