Thursday, July 19, 2018

Limiting user access to view logs only in CloverETL server

When you are running production installation of a CloverETL server you might have separation of responsibilities or different permissions for different people.

I was asked recently how to enable specific people to only access logs for job runs on the server. This is common use case, you have some support personnel that need to have access to logs if something goes wrong in any of the scheduled processes. You don't want to overwhelm them with too many options, you don't want them to modify any existing process etc.

CloverETL set permissions on Group level, not on specific user level, eg. you cannot give John and Amy different permissions, you need to separate them first into two groups.

Whenever you will create new group it will have all permissions removed by default. You could tell that by red cross icons on the permission tree.

In our use case, you want to enable only "Unlimited access to execution history" for this particular group.

This configuration will allow all user assigned to this group view only Execution History tab, check previous runs, see their Tracking information (how many records were processed) and see or download log for particular run.

You might wonder what is doing Limited access to execution history list. That one gives you more control, With unlimited access group members will see all content of execution history, for all sandboxes. 
Limited access allows you to show history only for sandboxes that group has read access to, eg. if you limit access to Sandbox A to Group A and John is not member of Group A, he won't be able to see any runs of processes from that project even if he has access to Execution history. 

By default all sandboxes are visible to all groups, if you want to change it, you need to do in Permissions section of Sandboxes tab.

Currently visibility granularity is on sandbox level, eg. you cannot limit visibility for a specific graph only.

And this a very limited view that John will have if he is only member of a group which has only permissions for Execution history:

As you could seen in one of the previous pictures, granularity of permissions on CloverETL server is pretty elaborate, so go check documentation page for more details how you can configure access permissions for your users to your liking.

No comments:

Post a Comment