Data Bridge Administration

Administer access to Data Bridge clusters, SQL Server instances, and databases using the Data Bridge API

Overview

The Data Bridge API enables tenant administrators to manage access to their Data Bridge cluster, the server instances in that cluster, and to databases on those instances.

Intelligent Risk Platform™ manages user role-based access rights and permissions that are granted on a group-by-group basis. A group is collection of user accounts that share a common role (e.g. consumer or contributor) within a specific domain (server instance, database, exposure set). Users inherit access rights and permissions based on group membership.

Tenant administrators may use Data Bridge API services to define server- and database-level access rights for groups of users. User accounts and groups must be defined in Admin Center.

Admin Center administrative tasks

Admin Center is an Intelligent Risk Platform application that enables tenant administrators to define and manage user accounts, groups, and roles. Tenant administrators may define groups, add user accounts to groups, and apply one or more roles to each group.

Data Bridge manages role-based permissions and access to Data Bridge clusters, managed SQL Server instances, and databases on a group-by-group basis:

  • Groups define the access rights granted to users. Access to SQL Server instances and databases is based on group membership.
  • Groups define the permissions granted to users. Permissions to perform operations on SQL Server instances, EDM and RDM databases, custom databases are granted to users based on group membership.
  • Groups restrict the logins that users may create and own. Users may create logins to SQL Server instances that they can access based on group membership.

A role is a set of access rights and permissions that represent a job function. Intelligent Risk Platform supports two Data Bridge roles:

  • The Consumer role confers read-only access to the databases on a managed SQL Server instance. Users belonging to this group cannot modify data in databases or upload EDMs or custom databases to Data Bridge.
  • The Contributor role enables users to modify data, import or export data, and add or remove databases on managed SQL Server instances.

For detailed information about administering Intelligent Risk Platform groups and role-based privileges, see the Intelligent Risk Platform Administrator Guide.

Data Bridge API administrative tasks

The Data Bridge API enables tenant administrators manage user access to Data Bridge clusters, SQL Server instances, and databases on a group-by-group basis.

Data Bridge API services enable administrators to define access at four levels:

  • The Cluster API provides services that enable administrators to manage access to the tenant's Data Bridge clusters using access control lists (ACLs).
  • The SQL Instance API provides services that enable administrators to manage access to managed SQL Server instances in a Data Bridge cluster.
  • The Database API provides services that enable administrators to manage access to databases on SQL Server instances.
  • The Logins API provides services that enable administrators, contributors, and consumers to manage logins to managed SQL Server instances.

Data Bridge administration tasks

Administrative tasks are operations that can be performed by a tenant administrator in the Admin Center or using Data Bridge API services.

RMS provisions each tenant with an Admin group that has been assigned the Admin role. A tenant administrator is a user that belongs to the Admin group (or another group assigned the Admin role).

Operation

Role

Admin Center

API

Create or delete group

Admin

X

Assign roles to groups

Admin

X

Assign users to groups

Admin

X

Group access to SQL Server instances

Admin

X

Group access to databases

Admin

X

Administer owned logins

Admin, Consumer, Contributor

X

X

Set minimum TLS version

Admin

X

Create, update, delete logins

Admin

X

X


Did this page help you?