The Satori Data Portal enables data consumers to gain access to data in data stores by requesting access to datasets. Once access has been granted, they receive the data store connection details and credentials.
Setting Up the Data Portal
Follow the steps below to deliver the best user experience to your data consumers.
1 - Configure Single Sign-On (SSO)
To enable data consumers to easily access the Data Portal, configure SAML-based single sign-on (SSL) to the Satori Management Console. Perform the following steps to enable SSO in the Satori Management Console: Single Sign-On Chapter.
To enable data consumers to access the Data Portal, assign them to the Satori app you created in your identity provider.
When data consumers access the Data Portal for the first time, a user will be automatically created for them in the Satori Management Console and they will be assigned the Data Consumer role.
2 - Settings the Default Credentials Expiration
The Data Store access credentials have a preconfigured expiry date that is set in the management console by the data steward. The default credentials expiration time is set to eight hours.
Note: You can set expirations on a per-user or per-group basis:
3 - Customize the Data Portal Theme
Customize the user access request forms and the Data Portal interface according to your organization's theme. The customizable elements include company logo, primary and secondary colors.
To customize the Data Portal interface theme perform the following steps:
- Select the Settings list menu from the kebab menu on the right side of the application banner
- Select the Account Custom Theme tab.
- Enable the Custom Theme toggle switch
- Select the Data Portal Background Color
- Select the Primary and Secondary organization colors.
- Upload your Company Logo and use a png file format and ensure that it has a transparency layer for best results. (see inline file format size and configuration paramters).
4 - Configure Datasets to be Displayed in the Data Portal
The Data Portal only displays datasets that data consumers are entitled to use. The list of available datasets varies according to the data consumer's identity and the list of access rules defined on each dataset.
To add a Satori Dataset to the Data Portal perform the following configurations for each Dataset:
- First click on the relevant Dataset in the Dataset view.
- Select the User Access Rules tab.
- Enable the Give Satori Control Over Access to the Dataset toggle switch.
- Add users and groups to this Dataset. These users and groups will then see this Dataset in the Satori Data Portal. In the following screenshot, any member of "Data Science Team" and "Satori Preauthorized" will see the Dataset "Example Dataset" in the Satori Data Portal:
In addition to allowing Instant Access, your Satori Dataset can also include Access Request Rules and Self-Service Rules.
Access Request Rules - Users who are a member of the Data Science Team group normally have read only access to this Dataset, but they can request read/write access for 30 days.
Self Service Rule - Users who are a member of the Satori Preauthorized group normally have read-write access, but they can request full access for 30 days:
Pre-defined Data Access Purpose
Satori enables you easily provide your data consumers with a list of pre-defined purposes to select from when requesting access to data. Specify whether data consumers need to provide a specific reason when selecting this purpose.
Activating the User Reasons in the Data Portal
To activate the USer Reason Required in teh Data Portal just toggle the rule on or off.
The Data Portal Interface
When one of your data consumers enters the Data Portal they are granted the default Data Access Level, they can then change the acces level if required.
A. The specified users and groups has access to a Dataset with their default access rules,they can request Elevated Access by clicking on the gear icon which will open the following commands:
B. They can then select the access policy that they require, which will start a manual or an automatic approval process, depending on the rule type access request versus self-service:
IMPORTANT: For more information about datasets, refer to the Datasets Chapter.
5 - Configure Data Store Authentication (Optional)
Satori provides you with the ability to provision temporary credentials for data consumers for supported data stores. This simplifies the process of managing users on databases or configuring single sign-on using your identity and cloud providers.
When a user connects to a data store, Satori authenticates and validates the user's Satori credentials. If the credentials are valid, Satori uses these predefined credentials to connect to the data store.
This is a very powerful feature which results in not having to maintain users/passwords directly in your database. Instead, all of the credentials are managed solely by the Satori platform.
Satori Authentication is supported for the following data store types: PostgreSQL, SQL Server, AWS Redshift, AWS Athena, MySQL, Greenplum, S3, MongoDB, Snowflake, CockroachDB.
Enabling Data Store Authentication
To enable data store authentication perform the following steps:
- Go to the Data Stores view and select a data store to configure.
- Select the Authentication tab.
- Check the Root Credentials checkbox
- Enter the username and password to use to connect to the data store. Satori stores credentials in encrypted form.
- Click SAVE.
Note: Enabling data store authentication does not impact existing authentication methods including local database users.
6 - Configuring the Slack Integration (Optional)
To learn how to set up the Slack integration follow the steps in the Slack Integration.
Once the Slack integration is enabled, you can use Slack in addition to using the Data Portal to make dataset access requests.
Opening the Data Portal
The Data Portal is the homepage for data consumers. For other users, to open the Data Portal go to the kebab menu located on the right side of the Satori application banner and select the "Data Portal" option from the drop menu.