Groups
Users in Lenses have different abilities depending on the access level they have in a particular group. Users may belong to multiple groups. In this guide you'll see how to create groups and authorize user access.
Introduction
In Lenses, a permission allows a user to view a type of information or perform an action to a specific resource.
Group is a collection of permission defines the level of access for users belong to it. You can define multiple groups based on your License to define roles or projects.
By default Lenses does not provide any group. You need to define them. There is a default admin user to login for the first time. Group permissions are cumulative. That means that the higher permission takes priority.
Learn more about the permission types and the detailed permission matrix
Required permission
| Permission | Type | Description |
|---|---|---|
| User Management / View | Admin | Enables user management view for Groups, Users & Service Accounts |
| User Management / Manage | Admin | Enables to manage Groups, Users & Service Accounts such as to create, edit, delete, change passwords |
To be able to view, create or modify Groups you need to be authorized with the User Management permission.
Access management permission matrix
Create Groups
To create a new Group, navigate to the Admin and select Groups and New Group. For every Group you have to set the data namespaces for Kafka or other available connections to data sources.
Add namespaces
Name your Group and add data namespaces to view data to a source. By default, Kafka is available. Namespace is a collection of expressions based on the dataset name. You can add multiple expressions in the same entry and also have multiple namespace entries.
Add Users & Service Accounts
While creating a User or Service Account you can select one or multiple Groups.
If mutliple groups are selected, permissions work inclusive:
- group A has permissions to
customer_detailsTopic. - group B has permissions to
frauds_detectionTopic.
User assigned to group A and group B will have permissions for both customer_details and frauds_detection topics.
Clone Groups
You can clone an existing Group. This will copy the permissions of the original group but not the Users or Service Accounts belonging to this Group.
Manage groups
You can Edit. Clone or Delete a Group by navigating to the Group details and select the actions menu at the right top of the page.
Groups with IdPs
Lenses supports 3rd party identity providers for authentication. Based on the provider, you can configure your service by following the configuration instructions during your setup.
Automate
Groups are also supported by the CLI to enable automation scenarios.