...
Log in to Grouper using SSO
Search for the DS folder
When creating a group
use the prefix grp_ds_denodo
description should refer to a data steward
members should all be run by the data steward before addition
Add grp_ds_denodo-admin to the group with ADMIN privileges. This gives Denodo admins the ability to administer the group.
When creating separate
-devand-readgroupsAdd the dev group to the read group so all dev group members are synced with the read group automatically. This will ensure read access for devs will exist beyond dev, since only the read group should be promoted outside of dev.
If a dev group needs scheduler access, add the group to the grp_ds_denodo-scheduler-admin groupdevelopers need scheduler access, create a
-schedulergroup and associated that group with a scheduler project after importing into Denodo.If a service account is going to be used, create
-servicegroup and give it the appropriate permissions after importing. Do not assign it thetts-facstaffrole as this will create view clutter in applications like DBeaver and Tableau.
Add members to groups
Only add members that have been approved by the data steward
Import groups into denodo. Note: You may need to wait up to 30 minutes for grouper changes to get synced to AD before importing.
Code Block Role base: DC=tufts,DC=ad,DC=tufts,DC=edu Attribute with role name: sAMAccountName Attribute with description: description Role search pattern: (&(cn=*denodo*)(objectcategory=group))
Assign roles and permissions as necessary. Add
tts-facstaffto give metadata access to all views.
Denodo LDAP Configuration
...