
Settings - Managing Access

The Settings Module allows users to manage access to the OSDU® Data Platform.

Identity & Access Management

Customers can manage Data Platform users and groups using the Identity and Access management portal. To enable this section, ensure platform status is ON. If platform status is OFF and the User Management section is selected, a pop up error message will state "User is not authorized or entitlements service is not ON".

User management is conducted via the IDP instance (Amazon Cognito by default) in the target fulfillment account created for each EDI deployment. The portal for adding, modifying, and deleting users can be accessed on the Settings page of the EDI Data Platform Portal.

User permissions are organized in two groups:

  • EDI Data Platform Portal Roles
  • OSDU Entitlements

To enable Identity & Access Management, click on the section header.

Add Users

To add new users to the Data Platform, click the Add New User button.

When you click on Add New User, a pop up window "Create New user" is displayed.


Fill in the email, roles, and entitlements of the user.

EDI DP Platform Roles

On the left-hand side of the new user screen, select from the three EDI DP Platform roles:

  • Platform Admin: An admin role that allows Platform management (Start/Stop). This role can only be assigned to users in a Dedicated Data Platform Instance.

    • Login
    • Partition Viewer
    • User Management
    • Platform Status Management
    • Platform Resources Management
  • Portal Admin: An admin role that allows all basic operations, plus everything related to User Management.

    • Login
    • Partition Viewer
    • User Management
  • Portal User: A basic role for all non-admin users.

    • Login
    • Partition Viewer
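
As an added example (not part of the EDI portal or its documentation), the role matrix above can drive a periodic least-privilege review of a user list. The user records, the `needs` field, and the function names are hypothetical; the portal's export format is not described on this page.

```python
# Added example: least-privilege review against the role matrix listed above.
ROLE_PERMISSIONS = {
    "Platform Admin": {"Login", "Partition Viewer", "User Management",
                       "Platform Status Management",
                       "Platform Resources Management"},
    "Portal Admin": {"Login", "Partition Viewer", "User Management"},
    "Portal User": {"Login", "Partition Viewer"},
}

def smallest_role(needs, dedicated_instance):
    """Return the assignable role with the fewest permissions covering `needs`."""
    candidates = [
        role for role, perms in ROLE_PERMISSIONS.items()
        if set(needs) <= perms
        # Platform Admin is only assignable in a Dedicated instance.
        and (dedicated_instance or role != "Platform Admin")
    ]
    return min(candidates, key=lambda r: len(ROLE_PERMISSIONS[r]), default=None)

def review_access(users, dedicated_instance):
    """Return (email, finding) tuples for a list of user records."""
    findings = []
    for user in users:
        email, role, needs = user["email"], user["role"], user["needs"]
        if role not in ROLE_PERMISSIONS:
            findings.append((email, f"unknown role: {role}"))
            continue
        if role == "Platform Admin" and not dedicated_instance:
            findings.append((email, "Platform Admin assigned outside a Dedicated instance"))
        best = smallest_role(needs, dedicated_instance)
        if best is None:
            findings.append((email, "no assignable role covers the stated needs"))
        elif len(ROLE_PERMISSIONS[best]) < len(ROLE_PERMISSIONS[role]):
            findings.append((email, f"over-privileged: {best} is sufficient"))
        elif best != role:
            findings.append((email, f"under-privileged: requires {best}"))
    return findings

# Constructed sample records; `needs` is a hypothetical field stating which
# permissions each user's job actually requires.
SAMPLE_USERS = [
    {"email": "alice@example.com", "role": "Portal Admin", "needs": {"Login", "Partition Viewer"}},
    {"email": "bob@example.com", "role": "Platform Admin", "needs": {"Login", "Platform Status Management"}},
    {"email": "carol@example.com", "role": "Portal User", "needs": {"Login"}},
    {"email": "dave@example.com", "role": "Superuser", "needs": {"Login"}},
]

if __name__ == "__main__":
    for email, finding in review_access(SAMPLE_USERS, dedicated_instance=False):
        print(f"{email}: {finding}")
```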

OSDU Entitlements

OSDU entitlements are organized in Members and Owners.


Edit or Remove Users

To edit an existing user, click on the "pencil" sign, which will display the create user screen with the selected user's data.

To remove a user from the Data Platform, simply click on the "trash" sign and confirm the selection.


Groups

The users are assigned to service and data groups through which users gain access to APIs and data.

The Entitlements service is used to enable authorization in the OSDU Data Platform. A group name defines a permission. Users who are added to that group obtain that permission.

To add new groups, click on Add Group. Once you click on Add Group, a pop up dialog Create New group

Group Type

Service groups - used for service authorization

Data groups - used for data authorization

User groups - used for hierarchical grouping of user and service identities

Select from the drop-down list based on requirements

Manage Role Members

The members list of a given role can be managed from the corresponding screen.

Permissions

Owners - Data platform users and groups with read and write access to the service

Viewers - Data platform users and groups with only read access to the service. The users do not have write access.

Resource name

The name of the resource to be created needs to be entered.

After selecting group type, permissions and resource name, click on Add Group.

Manage Group

Users can click on Manage Group to remove the group or add members/owners to the group. On clicking Manage Group, a pop up window Remove Group is displayed.

Clicking on Remove will remove the selected group from the OSDU Data Platform.

Add Member - You can add a user to the group by entering the email of the user who needs to be added to the specified group.