Overview
Invite other users to join your organization so that you can collaboratively build pipelines as a team.
You can create groups and assign user accounts to the groups. Assign users to a group so that you can easily manage the roles and permissions for the users. Users can belong to one or more groups.
Use roles and permissions to determine the tasks users can complete and the data users can access:
- Roles
- Roles determine the tasks that users can perform. You can assign roles to user accounts or to groups so that all user accounts in the same group have the same roles.
- Permissions
-
Permissions determine the access level that users have on objects belonging to the organization. When you create an object within Control Hub, you become the owner of that object and have full access to the object. You can share the object with other groups or user accounts within your organization. When you share the object, you grant others permission to the object - granting read, write, or execute access to the object.
To perform tasks, you must have the appropriate object permissions as well as the role associated with the task. For example, if you have the Pipeline Editor role, you can delete pipeline versions only when granted write permission on the pipeline.
To create a multitenant environment within your organization, create groups of users and then share objects within the groups to grant each group access to the appropriate objects.
For example, let's say that both the Finance and Marketing departments develop their own pipelines, start their own jobs, and measure the performance of their own topologies. Each group needs access only to their own pipelines, fragments, jobs, and topologies. To set up the multitenant environment, create a Finance group, assigning all users in the Finance department to the group. And create a Marketing group for users in the Marketing department. Then assign the appropriate roles to each group.
After a Finance user checks in a finished pipeline, the user shares the pipeline and job with the Finance group, granting all users in the Finance group access to the pipeline, associated fragment, and job. Users in the Marketing group cannot access the Finance objects because they are not granted permissions on those objects.