Skip to main content
Skip table of contents

CONFIG_ENTITY_PERMISSIONS

CONFIG_ENTITY_PERMISSIONS is a configuration package that is used to configure entity permissions, such as adding Snowflake user roles to specific entity types.


See also:


Usage

  1. Open the configuration package from Designer package list.

  2. Click Export package in the Actions tab.

  3. Click Download.

  4. Edit JSON file.

  5. Import edited JSON back to Designer with Import Package.

After a successful import, changes to the configuration package have been applied to Designer only. It is recommended to deploy the same changes to Runtime environments as well.


Contents

Entity permission configuration

Entity permission configurations are managed inside the JSON array block named, entityPermissions.

Key

Value type

Example

Description

permission

String

SELECT

The name of the permission.

description

String

Select permission

The description of the permission.

You can add new entity permission or update the contents of existing entity permission

Example: Entity Permission Configuration

JSON
"entityPermissions": [
  . . .
  {
    "permission": "SELECT",
    "description": "Select permission"
  }
  . . .
]

If existing entity permission needs to be deleted, simply remove it from the set of values before importing the configuration package.


Grantee configuration

Grantee configurations are managed inside the JSON array block named, grantees.

Key

Value type

Example

Description

granteeId

Integer

2

Unique identifier of the grantee.

granteeName

String

READ_ONLY

The name of the grantee.

superGranteeId

Integer

null

Optional. The parent grantee.

granteeType

String

ROLE

The type of the grantee.

You can add new grantee or update the contents of an existing grantee.

It is also possible to refer to predefined environment variables or environment variables defined in a config package CONFIG_ENVIRONMENT_VARIABLES with ${variable}-syntax in the grantee name field.

Example: Grantee Configuration

JSON
"grantees": [
  . . .
  {
    "granteeId": 2,
    "granteeName": "READ_ONLY",
    "superGranteeId": null
  },
  {
    "granteeId": 3,
    "granteeName": "${EXEC_ROLE}",
    "superGranteeId": null
  }
  . . .
]

If an existing grantee needs to be deleted, simply remove it from the set of values before importing the configuration package.


Grantee configuration

Grantee configurations are managed inside the JSON array block named, grantees.

Key

Value type

Example

Description

granteeId

Integer

2

Unique identifier of the grantee.

granteeName

String

READ_ONLY

The name of the grantee.

superGranteeId

Integer

null

Optional. The parent grantee.

granteeType

String

ROLE

The type of the grantee.

You can add new grantee or update the contents of an existing grantee.

It is also possible to refer to predefined environment variables or environment variables defined in a config package CONFIG_ENVIRONMENT_VARIABLES with ${variable}-syntax in the grantee name field.

Example: Grantee Type Configuration

JSON
"granteeTypes": [
  . . .
  {
    "granteeType": "USER",
    "description": "For granting permissions for users"
  },
    {
      "granteeType": "ROLE",
      "description": "For granting permissions for roles"
    },
    {
      "granteeType": "SHARE",
      "description": "For granting permissions for shares"
    }
  . . .
]

If an existing grantee type needs to be deleted, remove or alter also the grantees currently stated currently to be in such granteeType.

Please notice that grantee types for Google BigQuery are case sensitive and the default grantee type USER will be lowercase as required (Google BigQuery user list)


Default grant configuration

Default grant configurations are managed inside the JSON array block named, defaultGrants.

Key

Value type

Example

Description

defaultGrantId

Integer

1

Unique identifier of the default grant.

entityType

String

GENERIC

The name of the entity type.

permission

String

SELECT

The name of the entity permission. For more information, refer to the Entity Permission Configuration section above.

granteeId

Integer

2

The identifier of the grantee. For more information, refer to the Grantee Configuration section above.

withGrantOption

Boolean

false

Whether the grant option is used or not.

You can add new default grant or update the contents of an existing default grant.

Example: Default Grant Configuration

JSON
"defaultGrants": [
  . . .
  {
    "entityType": "GENERIC",
    "permission": "SELECT",
    "granteeId": 2,
    "withGrantOption": false,
    "defaultGrantId": 1
  },
  . . .
]

If an existing default grant needs to be deleted, simply remove it from the set of values before importing the configuration package.


Notes

Variables have to be referred in grantee names with ${variable_name} which differs from the standard notation <variable_name>.


Examples

Using the environment_name variable

Agile Data Engine provides predefined variables that can be used with CONFIG_ENTITY_PERMISSIONS.

In this example, environment_name is used as part of grantee name to use environment specific roles:

JSON
 ...
 "grantees": [
    ... ,
    {
      "granteeId": 1,
      "granteeName": "${environment_name}_ANALYST",
      "granteeType": "ROLE"
    },
    {
      "granteeId": 2,
      "granteeName": "${environment_name}_DEVELOPER",
      "granteeType": "ROLE"
    },
    ...
  ]
  ...

Note that any environment variable used in grantee name value is substituted and transformed to uppercase.

Any '-' and '.' are replaced with '_' (except for BigQuery).

For example:

Environment name:

Runtime.1_for-test

Grantee name:

${environment_name}-BI-Developer

Transformed result:

RUNTIME_1_FOR_TEST_BI_Developer.

(for BigQuery > RUNTIME.1_FOR-TEST-BI-Developer)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.