Troubleshooting DataHub Permissions and Configuration

Original Slack Thread

Hello everyone,
I recently installed DataHub locally using Docker, and I followed the documentation to set it up successfully. I also imported the ingest-sample-data. However, I have encountered several issues that I haven’t been able to figure out how to achieve my desired results. I would appreciate your help in understanding how to achieve the following:

  1. In Permissions -> Role, I assigned the “Admin” role to the datahub account, which should allow me to perform any operation. However, I’m unable to modify my own password, as the “Reset Password” option is grayed out.
  2. In the imported ingest-sample-data, under Permissions -> Policies, there are many settings that I cannot edit or modify, even though the datahub account has Admin privileges.
  3. I’ve tried various Policies configurations, but I’m unable to make a user see only their own data. In other words, I want a user to see data where they are the owner or it belongs to their group. I’m not sure how to configure this so that a user can only search for resources where they are the owner or it belongs to their group, and other resources shouldn’t be searchable.
    I’d greatly appreciate any assistance or guidance on how to achieve these objectives. Thank you!

<@U03BEML16LB> might be able to help you on this!

hey there! I think I can clear up some confusion here:

  1. we don’t allow you to edit the password in the UI of only the root user specifically in order to keep a safety hatch into your instance in case all else goes awry. this password gets defined in your user.props file in datahub-frontend/conf/ though if you’d like to change it
  2. I believe for similar reasons we have default policies set so that people are set up with a “working” instance. All of these are going to be defined in metadata-service/war/src/main/resources/boot/policies.json and you can always edit that file if need be
  3. so right now we don’t have a policy that can constrain what you see in search results, but we do have a “view entity page” permission that you can control who’s allowed to see entity profile pages specifically - just not search results for now.

Thank you very much for your response; you’ve resolved most of my issues. :+1: