Question
How do users get mapped to roles?
Answer
With role-based access control (RBAC), Okera uses roles to apply permissions to groups of users. A user's access to data is controlled by the roles to which the user has been assigned.
Users or groups are integrated from your organization's identity management system and can be assigned to Okera roles. Roles can be customized to your organization's naming convention and can be managed programmatically as well as in the UI. For more information, see Role-Based Access Control and Managing Roles.
System administrators can control data access management for users by creating roles and granting them specific access levels. For example, you might want to set up data steward roles for each line of business, or an auditing role for a compliance officer. For more information, see Access Delegation.
RBAC is useful for simplifying access control, and saves you from having to create individual grants for individual users.
However, as the number of users, datasets, and use cases increases, it becomes painful to maintain different permutations of different objects for each role, and this can lead to role explosion. For example, to restrict access to data in a sales transaction dataset that must be viewed differently for sales analysts in different regions, you would need to create a sales analyst role for each region (for example, sales_analyst_usa and sales_analyst_emea).
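The mapping and the per-region role growth described above, as an added illustrative model (this is not Okera code or its API): groups arrive from the identity provider, roles are attached to groups, and a user's effective access is the union of the grants on every role reached through their groups. The dataset name, group names, users and filter strings are constructed for the example.

```python
# Illustrative model only: not Okera's API. All names below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    dataset: str
    privilege: str
    row_filter: str  # predicate the role is restricted to

# Group membership as it would arrive from the identity provider (constructed).
USER_GROUPS = {
    "alice": {"sales_usa"},
    "bob": {"sales_emea"},
    "carol": {"sales_usa", "sales_emea"},
    "dave": set(),  # known user, no mapped group
}

def build_regional_roles(regions, dataset="sales.transactions"):
    """One role per region, as in the sales_analyst_<region> example."""
    role_grants, group_roles = {}, {}
    for region in regions:
        role = f"sales_analyst_{region}"
        role_grants[role] = {Grant(dataset, "SELECT", f"region = '{region}'")}
        group_roles.setdefault(f"sales_{region}", set()).add(role)
    return role_grants, group_roles

def effective_grants(user, user_groups, group_roles, role_grants):
    """Union of grants over every role reachable through the user's groups.
    Unknown users and users with no mapped group get nothing (default deny)."""
    grants = set()
    for group in user_groups.get(user, set()):
        for role in group_roles.get(group, set()):
            grants |= role_grants.get(role, set())
    return grants

def visible_filters(user, regions):
    """Row filters that apply to a user once the regional roles exist."""
    role_grants, group_roles = build_regional_roles(regions)
    found = effective_grants(user, USER_GROUPS, group_roles, role_grants)
    return sorted(g.row_filter for g in found)

def roles_required(regions, job_functions):
    """Role count when each (function, region) pair needs its own role."""
    return len(regions) * len(job_functions)

if __name__ == "__main__":
    for user in ("alice", "carol", "dave", "mallory"):
        print(user, visible_filters(user, ["usa", "emea"]))
    print(roles_required(["usa", "emea", "apac", "latam"],
                         ["analyst", "manager", "auditor"]))
```

A user in two regional groups accumulates both filters, which is worth checking when reviewing group memberships, and four regions across three job functions already require twelve roles.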
For more information about access in Okera, refer to the documentation here.