The Data Bridge API enables tenant administrators to manage access to their Data Bridge cluster, the server instances in that cluster, and to databases on those instances.
Intelligent Risk Platform™ manages user role-based access rights and permissions that are granted on a group-by-group basis. A group is a collection of user accounts that share a common role (e.g. consumer or contributor) within a specific domain (server instance, database, exposure set). Users inherit access rights and permissions based on group membership.
Tenant administrators may use Data Bridge API services to define server- and database-level access rights for groups of users. User accounts and groups must be defined in Admin Center.
Admin Center is an Intelligent Risk Platform application that enables tenant administrators to define and manage user accounts, groups, and roles. Tenant administrators may define groups, add user accounts to groups, and apply one or more roles to each group.
Data Bridge manages role-based permissions and access to Data Bridge clusters, managed SQL Server instances, and databases on a group-by-group basis:
- Groups define the access rights granted to users. Access to SQL Server instances and databases is based on group membership.
- Groups define the permissions granted to users. Permissions to perform operations on SQL Server instances, EDM and RDM databases, and custom databases are granted to users based on group membership.
- Groups restrict the logins that users may create and own. Users may create logins to SQL Server instances that they can access based on group membership.
A role is a set of access rights and permissions that represent a job function. Intelligent Risk Platform supports two Data Bridge roles:
- The Consumer role confers read-only access to the databases on a managed SQL Server instance. Users belonging to this group cannot modify data in databases or upload EDMs or custom databases to Data Bridge.
- The Contributor role enables users to modify data, import or export data, and add or remove databases on managed SQL Server instances.
For detailed information about administering Intelligent Risk Platform groups and role-based privileges, see the Intelligent Risk Platform Administrator Guide.
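The following sketch is an added illustration, not Data Bridge or Admin Center code: it models locally how group membership resolves to effective permissions and how an administrator might review write-capable grants. The group, user, and instance names are constructed sample data, and two assumptions are labelled in the comments: grants from multiple groups are additive, and Contributor includes read access.

```python
# Added illustration: a local model of group-based access, not the Data Bridge API.
# Actions per role follow the role descriptions on this page.
# Assumption: Contributor also includes the Consumer's read access.
ROLE_ACTIONS = {
    "Consumer": {"read"},
    "Contributor": {"read", "modify_data", "import_export", "add_remove_database"},
}

# Constructed sample data: each group carries one or more roles, its members,
# and the SQL Server instances it has been granted access to.
GROUPS = {
    "analysts": {"roles": {"Consumer"}, "members": {"alice", "bob"},
                 "instances": {"sql-1", "sql-2"}},
    "modelers": {"roles": {"Contributor"}, "members": {"bob"},
                 "instances": {"sql-1"}},
}


def effective_actions(user, instance, groups=GROUPS):
    """Union of actions from every group that contains the user and can
    reach the instance (assumption: grants are additive)."""
    actions = set()
    for group in groups.values():
        if user in group["members"] and instance in group["instances"]:
            for role in group["roles"]:
                actions |= ROLE_ACTIONS[role]
    return actions


def is_allowed(user, action, instance, groups=GROUPS):
    return action in effective_actions(user, instance, groups)


def can_create_login(user, instance, groups=GROUPS):
    """Logins may only be created on instances reachable through a group."""
    return bool(effective_actions(user, instance, groups))


def access_review(groups=GROUPS):
    """Map (user, instance) to the groups that confer Contributor rights,
    so a reviewer can see which membership is responsible for write access."""
    findings = {}
    for name, group in groups.items():
        if "Contributor" not in group["roles"]:
            continue
        for user in group["members"]:
            for instance in group["instances"]:
                findings.setdefault((user, instance), []).append(name)
    return {key: sorted(names) for key, names in findings.items()}
```
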
The Data Bridge API enables tenant administrators to manage user access to Data Bridge clusters, SQL Server instances, and databases on a group-by-group basis.
Data Bridge API services enable administrators to define access at four levels:
- The Cluster API provides services that enable administrators to manage access to the tenant's Data Bridge clusters using access control lists (ACLs).
- The SQL Instance API provides services that enable administrators to manage access to managed SQL Server instances in a Data Bridge cluster.
- The Database API provides services that enable administrators to manage access to databases on SQL Server instances.
- The Logins API provides services that enable administrators, contributors, and consumers to manage logins to managed SQL Server instances.
Administrative tasks are operations that can be performed by a tenant administrator in the Admin Center or using Data Bridge API services.
RMS provisions each tenant with an Admin group that has been assigned the Admin role. A tenant administrator is a user that belongs to the Admin group (or another group assigned the Admin role).
|Create or delete group||Admin||X|
|Assign roles to groups||Admin||X|
|Assign users to groups||Admin||X|
|Group access to SQL Server instances||Admin||X|
|Group access to databases||Admin||X|
|Administer owned logins||Admin, Consumer, Contributor||X||X|
|Set minimum TLS version||Admin||X|
|Create, update, delete logins||Admin||X||X|