Graal Platform Documentation

Graal Platform Documentation

  • Docs
  • Help

›Security

Overview

  • What is Graal Platform?
  • Why use our platform?
  • How Graal Platform works?
  • Concepts
  • Jobs & workflows
  • Security

Quickstart

  • Quickstart

Tutorials

  • Get started with Python
  • Get started with Dask
  • Get started with XGBoost
  • Get started with Apache Spark and Maven
  • Get started with Apache PySpark
  • Get started with Apache Beam and Gradle
  • Use the API
  • Using the command line tool (graalctl)
  • Using secrets
  • Migration from Databricks
  • Get started with Tensorflow
  • Get started with Pytorch
  • Get started with Mxnet
  • Setting up the Hadoop bridge
  • Get started with Apache Flink and Maven
  • Get started with Dbt
  • Get started with Pulsar
  • Get started with Apache Spark Streaming Pulsar
  • Get started with Debezium
  • Get started with the SDK

How-to guides

  • Using Graal Platform with Azure Data Factory
  • Publishing your artefacts with Azure DevOps
  • Using Graal Platform with Apache Airflow
  • Publishing your artefacts with Jenkins
  • Spark
  • Network, VPN, gateway and firewall
  • Logs
  • Pricing

Security

  • Overview
  • Comply with requirements
  • Infrastructures under Graal Systems
  • Responsibilities

Troubleshoot & debug

  • Troubleshooting
  • Common issues
  • Debug jobs

Overview

Authentication

Role-based access control (RBAC)

Access management is a critical function for any organization. Graal Platform role-based access control (RBAC) helps you manage who has access to your resources and services, what they can do with those resources, and what areas they have access to.

What can I do with RBAC?

Here are some examples of what you can do with RBAC:

  • Allow one user to manage jobs in a project and another user to manage the networks
  • Allow an admin group to manage services in a tenant
  • Allow a power user to manage all users, groups and rules

How RBAC works

The way you control access to resources using RBAC is to assign roles. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: principal, role definition, and scope.

Principal

A principal is an object that represents a user, group or identity that is requesting access to resources. You can assign a role to any of these principals.

Role definition

A role definition is a collection of permissions. It's typically just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. Roles can be high-level, like owner, or specific, like project reader.

Graal Platform includes several built-in roles that you can use. For example, the Project Contributor role allows a user to create and manage jobs inside a project. If the built-in roles don't meet the specific needs of your organization, you can create your own custom roles.

Scope

Scope is the set of resources that the access applies to. When you assign a role, you can further limit the actions allowed by defining a scope. This is helpful if you want to make someone a Project Contributor, but only for one resource group.

Role assignments

A role assignment is the process of attaching a role definition to a user, group or identity at a particular scope for the purpose of granting access. Access is granted by creating a role assignment, and access is revoked by removing a role assignment.

How RBAC determines if a user has access to a resource

← PricingComply with requirements →
  • What can I do with RBAC?
  • How RBAC works
    • Principal
    • Role definition
    • Scope
    • Role assignments
    • How RBAC determines if a user has access to a resource
Graal Platform Documentation
Overview
What is Graal Platform?
Quickstart
Apache SparkApache FlinkApache BeamPythonTensorflowDaskDistributed XGBoost
Links
HomeConsoleCopyrights
Copyright © 2023 Graal Systems