diff --git a/_data/nav.yml b/_data/nav.yml index 72a38d04..835602d6 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -102,8 +102,10 @@ page: soda-cloud/organize-datasets.md - subtitle: Create and track incidents page: soda-cloud/incidents.md - - subtitle: Set roles and rights + - subtitle: Manage account roles page: soda-cloud/roles-and-rights.md + - subtitle: Manage resource permissions + page: soda-cloud/roles-resources.md - title: Integrate Soda page: soda/integrate-alation.md diff --git a/_release-notes/user-groups.md b/_release-notes/user-groups.md new file mode 100644 index 00000000..e08bd84f --- /dev/null +++ b/_release-notes/user-groups.md @@ -0,0 +1,10 @@ +--- +name: "User groups" +date: 2024-07-08 +products: + - soda-cloud +--- + +Create user groups in Soda Cloud to manage role-based permissions (**Admin**, **Manager**, **Editor**, **Viewer**) to resources. Once created, assign role-based permission to access a dataset to user groups, or assign user groups as alert notification rules recipients, and more. + +Refer to [Create custom user groups]({% link soda-cloud/roles-and-rights.md %}#create-custom-user-groups) for details. \ No newline at end of file diff --git a/soda-agent/deploy.md b/soda-agent/deploy.md index d084127b..77279410 100644 --- a/soda-agent/deploy.md +++ b/soda-agent/deploy.md @@ -1354,7 +1354,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs | Field or Label | Guidance | |----------------|----------| | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. | -| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Roles and Rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| +| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.|
diff --git a/soda-agent/managed-agent.md b/soda-agent/managed-agent.md index d7a5e1bd..f3cf98b1 100644 --- a/soda-agent/managed-agent.md +++ b/soda-agent/managed-agent.md @@ -138,7 +138,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs | Field or Label | Guidance | |----------------|----------| | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. | -| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Roles and Rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| +| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.|
diff --git a/soda-cl/check-attributes.md b/soda-cl/check-attributes.md index 199458bb..c0388cba 100644 --- a/soda-cl/check-attributes.md +++ b/soda-cl/check-attributes.md @@ -38,7 +38,7 @@ Use attributes to organize your checks and alert notifications in Soda Cloud. ## Prerequisites -* To *define* new check attributes, you must have [Admin rights]({% link soda-cloud/roles-and-rights.md %}) on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks. +* To *define* new check attributes, you must have [Admin permissions]({% link soda-cloud/roles-and-rights.md %}) on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks. ## Define a check attribute diff --git a/soda-cl/soda-cl-overview.md b/soda-cl/soda-cl-overview.md index 8052d1a6..e0c7dc5e 100644 --- a/soda-cl/soda-cl-overview.md +++ b/soda-cl/soda-cl-overview.md @@ -97,7 +97,7 @@ Create **no-code checks** for data quality directly in the Soda Cloud user inter * You, or an Admin on your Soda Cloud account, has [deployed a Soda Agent]({% link soda-agent/deploy.md %}) version 0.8.52 or greater, and connected it to your Soda Cloud account. * You, or an Admin on your Soda Cloud account, has [added a new datasource]({% link soda-agent/deploy.md %}#add-a-new-data-source) via the Soda Agent in your Soda Cloud account *and* configured the data source to [discover the datasets]({% link soda-cl/profile.md %}#add-dataset-discovery) in the data source for which you want to write no-code checks. (Soda must have access to dataset names and column names to present those values in dropdown menus during no-code check creation.) -* You must have permission to edit the dataset as an Admin, Manager, or Editor; see [Roles and rights]({% link soda-cloud/roles-and-rights.md %}). +* You must have permission to edit the dataset as an Admin, Manager, or Editor; see [Manage roles and permissions]({% link soda-cloud/roles-and-rights.md %}). ### Create a new check diff --git a/soda-cloud/anomaly-dashboard.md b/soda-cloud/anomaly-dashboard.md index 746ed6f8..c2e5c1c5 100644 --- a/soda-cloud/anomaly-dashboard.md +++ b/soda-cloud/anomaly-dashboard.md @@ -71,7 +71,7 @@ Activate an anomaly dashboard to one or more datasets by configuring profiling f Use the following procedure to activate the anomaly dashboard for an existing dataset in a data source you already connected to your Soda Cloud account via a self-hosted or Soda-hosted agent. -1. If you have Admin, Manager, or Editor [rights]({% link soda-cloud/roles-and-rights.md %}) to a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. +1. If you have been assigned an Admin, Manager, or Editor [role]({% link soda-cloud/roles-and-rights.md %}#access-to-resources) for a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. 2. Navigate to the **Anomalies** tab where a message appears that advises you that the anomaly dashboard has not been activated for this dataset. Click **Activate**. 3. Follow the guided steps and carefully read the warning about the changes to any existing profiling you have configured for the data source (see below). If you accept the permanent changes, specify the time of day you wish to run the daily anomaly scan, then proceed. >
diff --git a/soda-cloud/collaborate.md b/soda-cloud/collaborate.md index 75146009..3c4161e5 100644 --- a/soda-cloud/collaborate.md +++ b/soda-cloud/collaborate.md @@ -67,7 +67,7 @@ Invite the members of your team to join you in your work to monitor data quality In your Soda Cloud account, navigate to **your avatar** > **Invite Team Members** and fill in the blanks. -When your team members receive the invitation email, they can click the link in the email to create their own login credentials to access your Soda Cloud account directly. Refer to [Default roles and groups]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-groups) to learn more about the default access rights Soda Cloud assigns to new users. +When your team members receive the invitation email, they can click the link in the email to create their own login credentials to access your Soda Cloud account directly. Refer to [Default roles and groups]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-permissions) to learn more about the default access rights Soda Cloud assigns to new users. Note that if your organization uses a single sign-on (SSO) identity provider to access Soda Cloud, you cannot invite team members in Soda Cloud. Instead, contact your IT Admin to request access to Soda Cloud using your SSO. See also, [Single Sign-on with Soda Cloud]({% link soda-cloud/sso.md %}). diff --git a/soda-cloud/organize-datasets.md b/soda-cloud/organize-datasets.md index 03f6c6c8..334c6a1b 100644 --- a/soda-cloud/organize-datasets.md +++ b/soda-cloud/organize-datasets.md @@ -22,7 +22,7 @@ Define new attributes for datasets in your organization that your colleagues can
-1. As an [Admin member]({% link soda-cloud/roles-and-rights.md %}) of your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. +1. As an [Admin]({% link soda-cloud/roles-and-rights.md %}) of your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. 2. Follow the guided steps to create the new attribute. Use the details below for insight into the values to enter in the fields in the guided steps. | Field or Label | Guidance | diff --git a/soda-cloud/roles-and-rights.md b/soda-cloud/roles-and-rights.md index b3380625..db7ad2bc 100644 --- a/soda-cloud/roles-and-rights.md +++ b/soda-cloud/roles-and-rights.md @@ -1,186 +1,148 @@ --- layout: default -title: Roles and rights in Soda Cloud -description: To manage the actions of users that belong to a single organization, Soda Cloud uses roles and access rights. Admins can access an Audit Trail of user actions. +title: Manage account roles and permissions in Soda Cloud +description: To manage the actions of users that belong to a single organization, Soda Cloud uses roles and access permissions. Admins can access an Audit Trail of user actions. parent: Organize, alert, investigate --- -# Roles and rights in Soda Cloud +# Manage account roles and permissions in Soda Cloud *Last modified on {% last_modified_at %}* -To manage the actions of members that belong to a single organization, Soda Cloud uses roles and access rights. These roles and their associated rights of access enforce limits on the abilities for people to make additions and changes to datasets, to make changes to the Soda Cloud account, and to adjust the roles and rights of others. - -[Roles and rights in your account](#roles-and-rights-in-your-account)
-[Change organization roles and settings](#change-organization-roles-and-settings)
-[Add multiple organizations](#add-multiple-organizations)
-[Access an audit trail](#access-an-audit-trail)
-[Access to resources](#access-to-resources)
-[Default roles for datasets and checks](#default-roles-for-datasets-and-checks)
-[Change the default access to datasets](#change-the-default-access-to-datasets)
-[Change access to a dataset](#change-access-to-a-dataset)
-[Review member licenses](#review-member-licenses)
+To manage the actions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These account-level roles and groups and their associated permissions of access enforce limits on the abilities for people to make additions and changes to organization settings and default access permissions, and to adjust the roles and permissions of others. + +See also: [Manage resource permissions in Soda Cloud]({% link soda-cloud/roles-resources.md %}) +

+ +[Account-level roles and permissions](#account-level-roles-and-permissions)
+    [Change account-level settings](#change-account-level-settings)
+    [Default roles and permissions](#default-roles-and permissions)
+    [Create custom user groups](#create-custom-user-groups)
+    [Change the default access to datasets](#change-the-default-access-to-datasets)
+    [Add multiple organizations](#add-multiple-organizations)
+    [Access an audit trail](#access-an-audit-trail)
+[Review user licenses](#review-user-licenses)
[Data source, dataset, agreement, and check owners](#data-source-dataset-agreement-and-check-owners)
[Go further](#go-further)

-## Roles and rights in your account - -Anyone with access to your organization's Soda Cloud account is known as a **member**. The roles that define the type of access members have to your organization's Soda Cloud account are **Admin** and **User**. If you are the first member in your organization to sign up for Soda Cloud, you become the Admin for the account by default. - -The following table outlines the account-related rights of each role. - -| Rights | Admin | User | -|--------------------------------------------------------------------------------------------------------------|:-----:|:----:| -| Access the organization's Soda Cloud account as a member of the team | ✓ | ✓ | -| Invite colleagues to join the organization's Soda Cloud account as members | ✓ | ✓ | -| Set and edit notification rules | ✓ | ✓ | -| Apply check attributes to checks | ✓ | ✓ | -| Create no-code checks | ✓ | ✓ | -| Create or edit check attributes | ✓ | | -| View Organization Settings for a Soda Cloud account | ✓ | | -| Change the name of the organization | ✓ | | -| Adjust the Soda Cloud Plan to which the organization subscribes | ✓ | | -| Establish integrations with other tools, such as with Slack | ✓ | | -| View a list of members | ✓ | | -| Review the license status of members | ✓ | | -| Set the default role for members granted access to a dataset | ✓ | | -| Adjust the default setting that automatically grants the Everyone group access to newly-added datasets | ✓ | | -| Change the roles of members, including adding more Admins | ✓ | | -| Reset member passwords or deactivate members | ✓ | | -| Download a CSV file of an audit trail of Soda Cloud usage | ✓ | | -| Define and adjust dataset attributes | ✓ | | +## Account-level roles and permissions + +Anyone with access to your organization's Soda Cloud account is known as a **user**. + +The account-level roles that define the type of access users have to your organization's Soda Cloud account are **Admin** and **User**. If you are the first user in your organization to sign up for Soda Cloud, you become the Admin for the account by default. + +The following table outlines the permissions of each account-level role. + +| Permission | Admin | User | +|--------------------------------------------------------------------------------------------------------|:-----:|:----:| +| Access the organization's Soda Cloud account as a user of the team | ✓ | ✓ | +| Invite colleagues to join the organization's Soda Cloud account as users | ✓ | ✓ | +| Set and edit notification rules | ✓ | ✓ | +| Propose no-code checks | ✓ | ✓ | +| View and manage Organization Settings for a Soda Cloud account | ✓ | | +| Change the name of the organization | ✓ | | +| Review the type of Soda Cloud Plan to which your organization subscribes | ✓ | | +| Enable global access to Soda features such as data sampling and Soda AI (preview access only) | ✓ | | +| Enable user in the account to access and use a Soda-hosted Agent | ✓ | | +| View a list of users | ✓ | | +| Review the license status of users | ✓ | | +| Grant Admin permissions to Users | ✓ | | +| Reset user passwords or deactivate users | ✓ | | +| Create and manage user groups | ✓ | | +| Set the default role for users granted access to a dataset | ✓ | | +| Adjust the default setting that automatically grants the Everyone group access to newly-added datasets | ✓ | | +| Create or edit dataset and check attributes | ✓ | | +| Establish integrations with other tools, such as with Slack | ✓ | | +| Download a CSV file of an audit trail of Soda Cloud usage | ✓ | | +
-## Change organization roles and settings +### Change account-level settings -An Admin is the only role that can make changes to the **Organization Settings** and to the role assignments in the organization. Note, you can have more than one Admin associated with an organization in Soda Cloud. +An Admin is the only account-level role that can make changes to the **Organization Settings** and to the role assignments in the organization. Note, you can have more than one Admin associated with an organization in Soda Cloud. -As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. +As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Use the table below as reference for the tasks you can perform within each tab. -| Tab | Access | +| Tab | Tasks | | --- | ------ | -| **Organization** | Adjust the name of the organization and the type of Soda Cloud Plan to which your organization subscribes.| -| **Members** | View a list of people who have access to the Soda Cloud account. Use the dropdown next to each name to adjust their role to be either **Admin** or **User**. Review each member's **License** status as an **Author** or **Viewer**. Refer to [Review member licenses](#review-member-licenses). | -| **Attributes** | Create new attributes for datasets in your organization that your colleagues can use to categorize datasets. See [Organize datasets]({% link soda-cloud/organize-datasets.md %}). | -| **Responsibilities** | Adjust the default settings for accessing new datasets. See [Change the default access to datasets](#change-the-default-access-to-datasets). | +| **Organization** | • Adjust the name of the organization.
• Review the type of Soda Cloud Plan to which your organization subscribes.
• Adjust enablement settings for data sampling, access to a Soda-hosted Agent, and access to Soda AI features in your account. | +| **Users** | • View a list of people who have access to the Soda Cloud account.
• Review and change each user's **License** status as an **Author** or **Viewer**, their access to Admin permissions, and the user groups to which they belong.
• Reset a user's password
• Deactivate a user's account. | +| **User Groups** | Create and manage custom groups of users in your Soda Cloud organization. +| **Responsibilities** | Adjust the default settings for accessing new datasets. | | **Integrations** | Connect Soda Cloud to your organization's Slack workspace, MS Team channel, or other third-party tool via webhook. | -| **Audit Trail** | Download a CSV file that contains user audit trail information. See [Access an audit trail](#access-an-audit-trail). | - - -## Add multiple organizations - -You may find it useful to set up multiple organizations in Soda Cloud so that each corresponds with a different environment in your network infrastructure, such as production, staging, and development. Such a setup makes it easy for you and your team to access multiple, independent Soda Cloud organizations using the same profile, or login credentials. - -Note that Soda Cloud associates any [API keys]({% link soda-cloud/api-keys.md %}) that you generate within an organization with both your profile *and* the organization in which you generated the keys. API keys are not interchangeable between organizations. +| **Audit Trail** | Download a CSV file that contains user audit trail information. | -Contact support@soda.io to request multiple organizations for Soda Cloud. - - -## Access an audit trail - -To meet your organization's regulatory and policy mandates, you can download a CSV file that contains an audit trail of activity on your Soda Cloud account for a date range you specify. The file contains details of each member's actions, their email and IP addresses, and a timestamp of the action. An Admin is the only role that can access an audit trail for a Soda Cloud account. - -1. As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. -2. Access the **Audit Trail** tab, then set the date range of usage details you wish to examine and click **Download**. - -Alternatively, you can use the [Audit Trail endpoint]({% link api-docs/reporting-api-v1.md %}#/operations/audit_trail_v0_audit_trail_get) in Soda Cloud's Reporting API to access audit trail data. +
+### Default roles and permissions -## Access to resources - -Where the roles and rights described above apply to your organization's Soda Account, the roles and rights described in the table below apply to the following resources in your account: -* incidents -* checks -* agreements -* datasets -* data sources -* scan definitions -* agents - -The roles that define who can make changes to resources in Soda Cloud are **Manager**, **Editor**, and **Viewer**. - -The following table outlines the rights of each role associated with each resource. Note that because of its universal access to all things in your Soda Cloud account, an **Admin** member as described above has all the rights of a **Manager** relative to resources. Learn more about [Soda architecture]({% link soda-cloud/soda-cloud-architecture.md %}) in general. - -| Rights | Admin | Manager | Editor | Viewer | -|----------------------------------------------------------------------------|:-----:|:--------:|:------:|:------:| -| Create and track incidents associated with one or more check results | ✓ | ✓ | ✓ | ✓ | -| Delete an incident | ✓ | ✓ | ✓ | | -| View scan results of checks associated with a dataset or agreement | ✓ | ✓ | ✓ | ✓ | -| Edit individual checks associated with a dataset ingested via Soda Library | ✓ | ✓ | ✓ | | -| Delete a check | ✓ | ✓ | ✓ | | -| View agreements | ✓ | ✓ | ✓ | ✓ | -| Approve and reject agreements as a stakeholder | ✓ | ✓ | ✓ | ✓ | -| Create a new agreement | ✓ | ✓ | ✓ | | -| Edit an existing agreement, including adding a new scan definition | ✓ | ✓ | ✓ | | -| Create no-code checks | ✓ | ✓ | ✓ | | -| Add and edit dataset Attributes, such as Description or Tags | ✓ | ✓ | ✓ | | -| Control member access to a dataset and its checks (add or remove access) | ✓ | ✓ | | | -| Change the roles of members with access to a dataset and its checks | ✓ | ✓ | | | -| Add, edit, or delete a data source | ✓ | | | | -| Change the owner of a data source | ✓ | | | | -| Add, edit, or delete a scan definition | ✓ | | | | -| Run a scan | ✓ | ✓ | | | -| Access failed row samples for a check | ✓ | ✓ | ✓ | ✓ | -| Add, or edit an agent | ✓ | | | | -| Begin or participate in a discussion | ✓ | ✓ | ✓ | ✓ | -| Propose and test a check | ✓ | ✓ | ✓ | ✓ | -| Review & Add a check; execute a check | ✓ | ✓ | ✓ | | -| Close a discussion | ✓ | ✓ | ✓ | ✓ | - - -## Default roles for datasets and checks - -When a new member accepts an invitation to join an existing organization, Soda Cloud applies the following defaults to the new member: +When a new user accepts an invitation to join an existing organization, Soda Cloud applies the following defaults to the new user: - the role of **User** in the organization - membership in the **Everyone** group -By default, all members are included in the group identity called Everyone In the context of an individual dataset, Admins and Managers can use the Everyone group when [setting Responsibilities in a dataset](#change-access-to-a-dataset). In this early implementation of roles and groups, Everyone is the only group that exists in Soda Cloud. It is not possible to add or remove members from the group, or to create new groups, yet. +By default, all users are included in the group identity called Everyone In the context of an individual dataset, Admins and Managers can use the Everyone group when setting [responsibilities](#change-access-to-a-dataset) in a dataset. Everyone is the only default group that exists in Soda Cloud. You cannot edit membership of the Everyone group.
For example...

For the Customers_EU dataset, Alice the Admin added the Everyone group to the dataset and assigned the group Editor privileges.

-

When Bob joins his organization's Soda Cloud account as a User member, Soda Cloud automatically adds his name to the organization's Everyone group. Thus, Bob automatically has Editor level access to the Customers_EU dataset.

+

When Bob joins his organization's Soda Cloud account as a User user, Soda Cloud automatically adds his name to the organization's Everyone group. Thus, Bob automatically has Editor level access to the Customers_EU dataset.


-By default, when a dataset's Admin or Manager grants another member or the Everyone group access to a dataset, Soda Cloud automatically assigns the new member or group the default role of Editor for the dataset. You can adjust this setting to a different default role; see [Change the default access to datasets](#change-the-default-access-to-datasets). +By default, when a dataset's Admin or Manager grants another user or the Everyone group access to a dataset, Soda Cloud automatically assigns the new user or group the default role of Editor for the dataset. You can adjust this setting to a different default role; see [Change the default access to datasets](#change-the-default-access-to-datasets).
For example... -

When Alice the Admin adds Carlos, a member of her Soda Cloud account, to the Customers_US dataset, Soda Cloud automatically assigns him the role of Editor for that dataset.

+

When Alice the Admin adds Carlos, a user of her Soda Cloud account, to the Customers_US dataset, Soda Cloud automatically assigns him the role of Editor for that dataset.


-By default, when any member adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset; see [Change the default access to datasets](#change-the-default-access-to-datasets). +By default, when any user adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset; see [Change the default access to datasets](#change-the-default-access-to-datasets). + +
+### Create custom user groups -## Change the default access to datasets +Create user groups in Soda Cloud to manage role-based permissions (**Admin**, **Manager**, **Editor**, **Viewer**) to resources. Refer to [Resource-level roles and permissions]({% link soda-cloud/roles-resources.md %}#resource-level-roles-and-permissions) for details on the permissions of each role. + +As an Admin in your Soda Cloud, navigate to **your avatar** > **Organization Settings**, then access the **User Groups** tab. Click **Create User Group**, then follow the guided steps to create a group and add individual members. Once created, assign the user group to any of the following resources. + +* Assign role-based permission to [access a dataset]({% link soda-cloud/roles-resources.md %}change-access-to-a-dataset) to user groups instead of individually setting permissions per user. +* Assign user groups as alert [notification rules]({% link soda-cloud/notif-rules.md %}#set-new-rules) recipients to make sure the right team, with the right permissions for the dataset(s), gets notified when checks warn or fail. +* Assign [dataset ownership](#change-the-dataset-owner) to groups of users instead of individuals for redundancy. +* Add a user group to a [discussion]({% link soda/quick-start-end-user.md %}#begin-a-discussion-and-propose-checks) in Soda Cloud so the whole team can review newly-proposed no-code checks. +* Add user groups as [stakeholders]({% link soda-cl/soda-cl-overview.md %}#define-sodacl-checks) in an agreement so that whole teams can collaborate on the expected state of data quality for one or more datasets. + +
+ + +### Change the default access to datasets As an Admin you have the option of adjusting three default access settings: -* By default, when a dataset's Admin or Manager grants another member or the Everyone group access to a dataset, Soda Cloud automatically assigns the new member or group the [default role of Editor for the dataset](#default-roles-for-datasets-and-checks). You can adjust this setting to a different default role. -* By default, when any member adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset. -* By default, Soda Cloud *does not* allow dataset owners to manage the responsibilites on the datasets they own. You can adjust this setting to automatically assign the role of Manager to all dataset owners, rather than Editor. +* By default, when a dataset's Admin or Manager grants another user or the Everyone group access to a dataset, Soda Cloud automatically assigns the new user or group the [default role of Editor for the dataset](#default-roles-for-datasets-and-checks). You can adjust this setting to a different default role. +* By default, when any user adds a new dataset to the Soda Cloud account via Soda Library, Soda Cloud *does not* assign the **Everyone** group to the dataset. You can adjust this setting to automatically assign the **Everyone** group to each newly added dataset. +* By default, Soda Cloud *does not* allow dataset owners to manage the responsibilities on the datasets they own as ownership does not enforce permissions. 1. As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. 2. Access the **Responsibilities** tab to adjust either of the two default settings: -* Use the dropdown to adjust the default role of new members and groups who are granted access to a dataset. +* Use the dropdown to adjust the default role of new users and groups who are granted access to a dataset. * Check the box for Soda Cloud to automatically assign the **Everyone** group to every new dataset that an Admin adds to the Soda Cloud account. * Check the box for Soda Cloud to allow all dataset owners to manage the responsibilities for datasets they own. -Note that by default, Soda Cloud automatically adds all new members to the organization's **Everyone** group. See [Default roles and group](#default-roles-and-groups). +Note that by default, Soda Cloud automatically adds all new users to the organization's **Everyone** group. See [Default roles and group](#default-roles-and-groups).
Example of changed default settings
  1. As an Admin, I individually edit the Responsibilities of Datasets A, B, and C and add the Everyone group as Editor to each.
  2. -
  3. Then I access Organization Settings > Responsibilities and change the value of Default role when assigning a new user or group to a resource to Viewer and leave the check box unchecked for Automatically assign the "Everyone" group to the new resource.
  4. -
  5. Then, using Soda Library, I connect to a new data source, and upload 20 new datasets to Soda Cloud.
  6. -
  7. Back in Soda Cloud, I see all the new datasets, and Soda Cloud automatically made me the Dataset Owner of all of them, which comes with the role of Manager. None of the new datasets have any other members that can access them at present, except Admins who can access everything.
  8. +
  9. Then I access Organization Settings > Responsibilities and change the value of Default role when assigning a new user or group to a resource to Viewer and leave the checkbox unchecked for Automatically assign the "Everyone" group to the new resource.
  10. +
  11. Then, using Soda Library, I connect to a new data source, and make 20 new datasets visible in Soda Cloud.
  12. +
  13. Back in Soda Cloud, I see all the new datasets, and Soda Cloud automatically made me the Dataset Owner of all of them, which comes with the role of Manager. None of the new datasets have any other users that can access them at present, except Admins who can access everything.
  14. Next, I edit the Responsibilities of new Datasets D, E, and F and add the Everyone group to those datasets and, because of my setting in Step 2, that group now has Viewer access to these three datasets.
  15. Datasets A, B, and C still have the Everyone group assigned to them, but those “Everyone” groups still have Editor access to these specific datasets.
@@ -190,37 +152,50 @@ Note that by default, Soda Cloud automatically adds all new members to the organ b) changing its default role in the Organization Settings which only applies when the Everyone group is added to a dataset or check on upload or creation.
+
+ -## Change access to a dataset +### Add multiple organizations -When any member uses Soda Library to add a new dataset to the Soda Cloud account, the member automatically becomes the Dataset Owner. The new dataset can only be accessed by an Admin and the Dataset Owner, who automatically becomes a Manager of the dataset, until the Admin or Dataset Owner changes access to the dataset to grant other members access. +You may find it useful to set up multiple organizations in Soda Cloud so that each corresponds with a different environment in your network infrastructure, such as production, staging, and development. Such a setup makes it easy for you and your team to access multiple, independent Soda Cloud organizations using the same profile, or login credentials. -As an Admin or a Manager of a dataset, you can access the **Responsibilities** tab for an individual dataset to make changes to the default role assignments in the dataset. All members, regardless of their role assignment, can view the Responsibilities tab for a dataset. +Note that Soda Cloud associates any [API keys]({% link soda-cloud/api-keys.md %}) that you generate within an organization with both your profile *and* the organization in which you generated the keys. API keys are not interchangeable between organizations. -1. As an Admin or Manager, login to your Soda Cloud account and navigate to the **Datasets** dashboard. -2. Click the stacked dots to the right of the dataset for which you wish to adjust the role assignments, then select **Edit Dataset**. -3. In the **Responsibilities** tab, use the search bar to find specific members to which you wish to assign a role other than the default, Editor, then use the dropdown next to each name to adjust their role.
Alternatively, search for the group **everyone** and change the role of the group. +Contact support@soda.io to request multiple organizations for Soda Cloud. +
-## Review member licenses +### Access an audit trail -Some Soda Cloud licensing models include a specific number of **Author** licenses for members of the Soda Cloud account. A member's license status controls whether they can make changes to any datasets, checks, and agreements in the Soda Cloud account. +To meet your organization's regulatory and policy mandates, you can download a CSV file that contains an audit trail of activity on your Soda Cloud account for a date range you specify. The file contains details of each user's actions, their email and IP addresses, and a timestamp of the action. An Admin is the only account-level role that can access an audit trail for a Soda Cloud account. + +1. As an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Admins can view Organization Settings. +2. Access the **Audit Trail** tab, then set the date range of usage details you wish to examine and click **Download**. + +Alternatively, you can use the [Audit Trail endpoint]({% link api-docs/reporting-api-v1.md %}#/operations/audit_trail_v0_audit_trail_get) in Soda Cloud's Reporting API to access audit trail data. + +
+ + +## Review user licenses + +A few Soda Cloud legacy licensing models include a specific number of **Author** licenses for users of the Soda Cloud account. A user's license status controls whether they can make changes to any datasets, checks, and agreements in the Soda Cloud account. * **Authors** essentially have read-write access to Soda Cloud resources and maintain the role of Admin, Manager, or Editor. -* **Viewers** essentially have read-only acecss to Soda Cloud resources and maintain the role of Viewer. +* **Viewers** essentially have read-only access to Soda Cloud resources and maintain the role of Viewer. + +1. To review the licenses that your users have, as an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Soda Cloud Admin users can view Organization Settings. +2. Access the **Users** tab to view a list of people who have access to your Soda Cloud account, the role they have in the organization (Admin or User), and their License status (Author or Viewer). +3. Click a user's **Author** or **Viewer** label in the License column to access a **Responsibilities** window that lists the user's access to resources (datasets, agreements, and checks), the role they hold for each resource, and their license status relative to the resource. -1. To review the licenses that your members have, as an Admin, login to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**. Only Soda Cloud Admin members can view Organization Settings. -2. Access the **Members** tab to view a list of people who have access to your Soda Cloud account, the role they have in the organization (Admin or User), and their License status (Author or Viewer). -3. Click a member's **Author** or **Viewer** label in the License column to access a **Responsibilities** window that lists the member's access to resources (datasets, agreements, and checks), the role they hold for each resource, and their license status relative to the resource. ## Data source, dataset, agreement, and check owners -There are four ownership roles in Soda Cloud that identify the member that owns a data source, a dataset, an agreement, or a check. These ownership roles do not enforce any rights or permissions on these resources, they are simply identifiers. +There are four ownership roles in Soda Cloud that identify the user that owns a data source, a dataset, an agreement, or a check. These ownership roles do not enforce any permissions or permissions on these resources, they are simply identifiers. -* By default, the member who added the data source becomes the **Data Source Owner** and **Dataset Owner** of all datasets in that data source. The default role that Soda Cloud assigns to the Dataset Owner is that of Manager. -* By default, the member who creates an agreement becomes the **Check Owner** of all checks defined in the agreement. -* By default, the member who creates a no-code check becomes its **Check Owner**. +* By default, the user who added the data source becomes the **Data Source Owner** and **Dataset Owner** of all datasets in that data source. The default role that Soda Cloud assigns to the Dataset Owner is that of Manager. +* By default, the user who creates an agreement becomes the **Check Owner** of all checks defined in the agreement. +* By default, the user who creates a no-code check becomes its **Check Owner**. * By default, all Owners use an Author license. -* You cannot change the Agreement Owner.

@@ -228,7 +203,7 @@ There are four ownership roles in Soda Cloud that identify the member that owns 1. If you are the Admin of the organization, login to your Soda Cloud account and navigate to **your avatar** > **Data Sources**. 2. In the **Data Sources** tab, click the stacked dots to the right of the data source for which you wish to adjust the ownership, then select **Edit Datasource**. -3. In the **Assign Owner** tab, use the dropdown to select the name of another member to take ownership of the data source, then **Save**. +3. In the **Assign Owner** tab, use the dropdown to select the name of another user or user group to take ownership of the data source, then **Save**.
@@ -236,10 +211,10 @@ There are four ownership roles in Soda Cloud that identify the member that owns 1. If you are the Admin of the organization, or have a Manager role for the dataset, login to your Soda Cloud account and navigate to the **Datasets** dashboard. 2. Click the stacked dots to the right of the dataset for which you wish to adjust the ownership, then select **Edit Dataset**. -3. In the **Attributes** tab, use the dropdown to select the name of another member to take ownership of the dataset, then **Save**. +3. In the **Attributes** tab, use the dropdown to select the name of another user or user group to take ownership of the dataset, then **Save**. 4. Soda Cloud automatically assigns the role of Manager to the new Dataset Owner. -To bulk-change the owner of all new datasets added to a data source, follow the steps to [Change the Data Source Owner](#change-the-data-source-owner) and, in step 3, use the dropdown to change the owner of all the datsets in the data source. +To bulk-change the owner of all new datasets added to a data source, follow the steps to [Change the Data Source Owner](#change-the-data-source-owner) and, in step 3, use the dropdown to change the owner of all the datasets in the data source.
@@ -247,14 +222,14 @@ To bulk-change the owner of all new datasets added to a data source, follow the 1. If you are the Admin of the organization, or have a Manager or Editor role for the check's dataset, login to your Soda Cloud account and navigate to the **Checks** dashboard. 2. Click the stacked dots to the right of the check for which you wish to adjust the ownership, then select **Edit Check**. -3. In the **Attributes** tab, use the dropdown to select the name of another member to take ownership of the check, then **Save**. +3. In the **Attributes** tab, use the dropdown to select the name of another user to take ownership of the check, then **Save**. Note that you cannot assign a user group as a check owner.
## Go further * Need help? Join the Soda community on Slack. -* Learn more about [Soda architecture]({% link soda-cloud/soda-cloud-architecture.md %}). +* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). * [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. * [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. * Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). diff --git a/soda-cloud/roles-resources.md b/soda-cloud/roles-resources.md new file mode 100644 index 00000000..7effea0e --- /dev/null +++ b/soda-cloud/roles-resources.md @@ -0,0 +1,97 @@ +--- +layout: default +title: Manage resource permissions in Soda Cloud +description: Learn how to manage user access to datasets in an organization's Soda Cloud account. +parent: Organize, alert, investigate +--- + +# Manage resource permissions in Soda Cloud +*Last modified on {% last_modified_at %}* + +To manage the resource-level permissions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These role-based access permissions enforce limits on the abilities for people to make additions and changes to resources in Soda Cloud, including agents, data sources, and datasets. + +See also: [Manage account roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) +

+ +[Resource-level roles and permissions](#resource-level-roles-and-permissions)
+[Change access to a dataset](#change-access-to-a-dataset)
+ +## Resource-level roles and permissions + +Where [account-level]({% link soda-cloud/roles-and-rights.md %}) roles and permissions apply to your organization's Soda Account, the roles and access permissions described in the table below apply to the following resources in your account: + +| agents
data sources
scan definitions
datasets | checks
agreements
discussions
incidents | + +The roles that define who can make changes to resources in Soda Cloud are **Admin**, **Manager**, **Editor**, and **Viewer**. As an Admin, you can apply resource-level roles to both individual users and user groups. + +The following table outlines the permissions of each resource-level role. + +| Permissions | Admin | Manager | Editor | Viewer | +|----------------------------------------------------------------------------|:-----:|:--------:|:------:|:------:| +| Add, edit, and delete a self-hosted Soda Agent | ✓ | | | | +| Add, edit, or delete a data source via a Soda-hosted or self-hosted agent | ✓ | | | | +| Change the owner of a data source | ✓ | | | | +| Add or adjust a data source's default scan definition | ✓ | | | | +| Add a scan definition in an agreement or during no-code check creation | ✓ | ✓ | ✓ | | +| Delete a scan definition | ✓ | | | | +| Control user access to a dataset and its checks (add or remove access) | ✓ | ✓ | | | +| Change the roles of users with access to a dataset and its checks | ✓ | ✓ | | | +| Apply dataset attributes to datasets | ✓ | ✓ | ✓ | | +| Configure Soda to collect sample data for a dataset | ✓ | | | | +| Configure Soda to profile datasets in a data source | ✓ | | | | +| Activate an anomaly dashboard for a dataset (preview access only) | ✓ | ✓ | | | +| Add and edit dataset Attributes, such as Description or Tags | ✓ | ✓ | ✓ | | +| Access a dataset's page to view metadata and checks, and dataset info | ✓ | ✓ | ✓ | ✓ | +| Edit or delete a dataset | ✓ | ✓ | | | +| Run a scan | ✓ | ✓ | | | +| View scan results of checks associated with a dataset or agreement | ✓ | ✓ | ✓ | ✓ | +| Propose and test a no-code check | ✓ | ✓ | ✓ | ✓ | +| Add, edit, or delete a no-code check | ✓ | ✓ | ✓ | | +| Apply check attributes when proposing a check | ✓ | ✓ | ✓ | ✓ | +| Edit or delete individual checks associated with a dataset ingested via Soda Library | ✓ | ✓ | ✓ | | +| Access failed row samples for a check | ✓ | ✓ | ✓ | ✓ | +| Create a new agreement | ✓ | ✓ | ✓ | | +| Approve and reject agreements as a stakeholder | ✓ | ✓ | ✓ | ✓ | +| Edit an existing agreement, including adding a new scan definition | ✓ | ✓ | ✓ | | +| Apply check attributes in an agreement | ✓ | ✓ | ✓ | | +| View agreements | ✓ | ✓ | ✓ | ✓ | +| Begin or participate in a discussion | ✓ | ✓ | ✓ | ✓ | +| Close a discussion | ✓ | ✓ | ✓ | ✓ | +| Create and track incidents associated with one or more check results | ✓ | ✓ | ✓ | ✓ | +| Delete an incident | ✓ | ✓ | ✓ | | +| Create, edit, or delete a notification rule | ✓ | ✓ | ✓ | | +| Set the status of a notification rule (Active or Paused) | ✓ | ✓ | ✓ | | + +
+ +## Change access to a dataset + +When any user uses Soda Library to add a new dataset to the Soda Cloud account, the user automatically becomes the Dataset Owner. The new dataset can only be accessed by an Admin and the Dataset Owner, who automatically becomes a Manager of the dataset, until the Admin or Dataset Owner changes access to the dataset to grant other users access. + +As an Admin or a Manager of a dataset, you can access the **Responsibilities** tab for an individual dataset to make changes to the default role assignments in the dataset. All users, regardless of their role assignment, can view the Responsibilities tab for a dataset. + +1. As an Admin or Manager, login to your Soda Cloud account and navigate to the **Datasets** dashboard. +2. Click the stacked dots to the right of the dataset for which you wish to adjust the role assignments, then select **Edit Dataset**. +3. In the **Responsibilities** tab, use the search bar to find specific users or user groups to which you wish to assign a role other than the default, Editor, then use the dropdown next to each name to adjust their role.
Alternatively, search for the group **everyone** and change the role of the group. + +
+ +## Go further + +* Need help? Join the Soda community on Slack. +* Learn more about the relationship between resources in [Soda's architecture]({% link soda-cloud/soda-cloud-architecture.md %}). +* [Organize your datasets]({% link soda-cloud/organize-datasets.md %}) to facilitate your search for the right data. +* [Invite colleagues]({% link soda-cloud/collaborate.md %}#invite-your-team-members) to join your organization's Soda Cloud account. +* Learn more about creating and tracking [Soda Incidents]({% link soda-cloud/incidents.md %}). +
+ +--- + +Was this documentation helpful? + + + + + + +{% include docs-footer.md %} \ No newline at end of file diff --git a/soda-cloud/sso.md b/soda-cloud/sso.md index 87cdd6e6..b5155465 100644 --- a/soda-cloud/sso.md +++ b/soda-cloud/sso.md @@ -28,9 +28,9 @@ Soda has tested and confirmed that SSO setup works with the following identity p ## SSO access to Soda Cloud -When an employee uses their SSO provider to access Soda Cloud for the first time, Soda Cloud automatically assigns the new user to roles and groups according to the [Default roles and rights]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-groups) for any new users. Soda Cloud also notifies the Soda Cloud Admin that a new user has joined the organization, and the new user receives a message indicating that their Soda Cloud Admin was notified of their first login. A Soda Cloud Admin can adjust users' roles in Organization Settings. See [Change organization roles and settings]({% link soda-cloud/roles-and-rights.md %}#change-organization-roles-and-settings) for details. +When an employee uses their SSO provider to access Soda Cloud for the first time, Soda Cloud automatically assigns the new user to roles and groups according to the [Default roles and permissions]({% link soda-cloud/roles-and-rights.md %}#default-roles-and-permissions) for any new users. Soda Cloud also notifies the Soda Cloud Admin that a new user has joined the organization, and the new user receives a message indicating that their Soda Cloud Admin was notified of their first login. A Soda Cloud Admin can adjust users' roles in Organization Settings. See [Change organization roles and settings]({% link soda-cloud/roles-and-rights.md %}#change-organization-roles-and-settings) for details. -When an organization's IT Admin revokes a user's access to Soda Cloud through the SSO provider, a Soda cloud Admin is responsible for updating the resources and ownerships linked to the User. Refer to [Roles and rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) for details. +When an organization's IT Admin revokes a user's access to Soda Cloud through the SSO provider, a Soda cloud Admin is responsible for updating the resources and ownerships linked to the User. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) for details. Once your organization enables SSO for all Soda Cloud users, Soda Cloud blocks all non-SSO login attempts and password changes via cloud.soda.io/login. If an employee attempts a non-SSO login or attempts to change a password using "Forgot password?" on cloud.soda.io/login, Soda Cloud presents a message that explains that they must log in or change their password using their SSO provider. @@ -116,7 +116,7 @@ The values for these fields are unique to your organization and are provided to ## Go further * Need help? Join the Soda community on Slack. -* Learn more about [Roles and rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}). +* Learn more about [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}). * Learn more about creating and tracking [Incidents]({% link soda-cloud/incidents.md %}) in Soda Cloud.
diff --git a/soda-library/run-a-scan.md b/soda-library/run-a-scan.md index 64078e7a..ea55bc41 100644 --- a/soda-library/run-a-scan.md +++ b/soda-library/run-a-scan.md @@ -413,7 +413,7 @@ scan.get_all_checks_text() You can programmatically initiate a scan your team defined in Soda Cloud using the Soda Cloud API. -If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) rights in your Soda Cloud account, you can use the API to: +If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) permissions in your Soda Cloud account, you can use the API to: * retrieve information about checks and datasets in your Soda Cloud account * execute scans * retrieve information about the state of a scan during execution @@ -432,7 +432,7 @@ Access the [Soda Cloud API]({% link api-docs/public-cloud-api-v1.md %}) document You can initiate a scan your team defined in Soda Cloud using the Soda Library CLI. -If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) rights in your Soda Cloud account, you can use Soda Library CLI to: +If you have defined a [scan definition]({% link soda/glossary.md %}#scan-definition) in Soda Cloud, and the scan definition executes on a schedule via a self-hosted or Soda-hosted agent, and you have [Admin]({% link soda-cloud/roles-and-rights.md %}) permissions in your Soda Cloud account, you can use Soda Library CLI to: * execute a remote scan and synchronously receive logs of the scan execution result * execute a remote scan and asynchronously retrieve status and logs of the scan during, and after its execution diff --git a/soda/new-documentation.md b/soda/new-documentation.md index 2f5968c6..da844aa0 100644 --- a/soda/new-documentation.md +++ b/soda/new-documentation.md @@ -9,12 +9,14 @@ parent: Learning resources
+#### July 8, 2024 +* Documented the new functionality that enables Admin users in Soda Cloud to [create user groups]({% link soda-cloud/roles-and-rights.md %}#create-custom-user-groups). + #### July 5, 2024 * Added clarification to the inclusion and exclusion [rules]({% link soda-cl/profile.md %}#inclusion-and-exclusion-rules) for profiling behavior. * Repeated the configuration instructions for `samples columns` when implicitly collecting failed row samples in multiple places, notably in [Collect failed row samples]({% link soda-cl/optional-config.md %}#collect-failed-rows-samples). * Added details about `RollingUpdate` when [upgrading]({% link soda/upgrade.md %}#upgrade-a-self-hosted-soda-agent) a self-hosted Soda Agent. - #### July 2, 2024 * Added [release notes]({% link release-notes/all.md %}) documentation for Soda Agent 1.1.17 & 1.1.18 and Soda Library 1.5.14. diff --git a/soda/quick-start-automate.md b/soda/quick-start-automate.md index 49fce106..f6a5c857 100644 --- a/soda/quick-start-automate.md +++ b/soda/quick-start-automate.md @@ -169,7 +169,7 @@ profile columns: | Field or Label | Guidance | |----------------|----------| | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. | -| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Roles and Rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| +| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.| ## Access an anomaly dashboard diff --git a/soda/sensitive-data.md b/soda/sensitive-data.md index 97b4eb8b..452ed53e 100644 --- a/soda/sensitive-data.md +++ b/soda/sensitive-data.md @@ -21,7 +21,7 @@ Soda provides several capabilities and configurable settings that help you manag ## Utilize roles and permissions in Soda Cloud Soda Cloud employs roles and rights that apply to users of an organization's account. These basic access controls enable you to define who can access, add, change, or delete metadata or access to data in the account. -Refer to [Roles and rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) for much more detail and guidance on how to limit access. +Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) for much more detail and guidance on how to limit access. ## Deploy a self-hosted Soda Agent