Users and Groups

You can create groups and assign user accounts to the groups. Assign users to a group so that you can easily manage the roles and permissions for the users. Users can belong to one or more groups.

For example, let's say that you have multiple data engineers who perform the same tasks. You create a Data Engineer group and assign all data engineers to that group. Then you assign roles to the Data Engineer group, so that each user within that group has the same roles. If you need to change the roles, you can change the role assignment once on the group, rather than changing the roles for multiple times, once for each user account.

Control Hub provides a default all group that includes every user in the organization.

You can assign roles to both users and groups. If you assign roles to a user and also assign roles to a group that the user belongs to, the user has the union of all roles.

Changes to existing groups and user accounts take effect the next time the user logs in.

Creating User Accounts

Create a user account to allow a user to perform tasks in Control Hub.

  1. In the Navigation panel, click Administration > Users.
  2. Click the Add New User icon: .
  3. On the Add User window, configure the following properties:
    User Account Property Description
    User ID User ID for the account. Use the following naming convention: 
    <ID>@<organization ID>
    Display Name Display name.
    Email Address Email address for the account.
    SAML User Name SAML identity provider user account to map to this Control Hub user account.

    Configure when SAML authentication is enabled for the organization. If not using SAML authentication, you can leave the default value which is the same as the email address for the account.
    LDAP User Name LDAP user account to map to this Control Hub user account.

    Displays when a Control Hub installation is enabled for LDAP authentication.
  4. Optionally, assign the roles that you want the user to have.

    Default role assignments for new users and new groups permit most tasks to encourage development and testing. Change those role assignments as needed to secure the integrity of your organization and data. You can click None to clear all role assignments, or you can click All to assign all roles.

    You must assign each user at least one role, either the Organization Administrator or the Organization User role.

    For a description of each role, see Role Descriptions.

  5. Optionally, add the user to groups.

    For a Control Hub installation enabled for LDAP authentication, you cannot assign Control Hub users to Control Hub groups. Instead, you map Control Hub groups to LDAP groups. Control Hub retrieves the group memberships from the LDAP provider.

    Tip: To more efficiently manage user accounts, clear all roles for the user, assign the user to one of the Organization roles, and then add the user to a group that has the appropriate roles. You can add the user to groups while you create the user account or after you create the user account.
  6. To enable access to Control Hub, make sure the Active property is selected.
    You can use this option to disable access to Control Hub without deleting the user account.
  7. Click Save.
    Control Hub sends an email to the associated email account with a link to set a password.
    Important: The user must set an initial password within seven days of receiving the email. Otherwise, the link expires and you must reset the password as explained in Resetting a Password.

Creating Groups

Create groups for related users so that you can more efficiently manage users.

  1. In the Navigation panel, click Administration > Groups.
  2. Click the Add New Group icon: Add New Group icon.
  3. On the Add Group window, configure the following properties:
    Group Property Description
    Group ID Group ID for the group. Use the following naming convention: 
    <ID>@<organization ID>
    Display Name Display name.
    LDAP Groups When a Control Hub installation is enabled for LDAP authentication, LDAP group to map to this Control Hub group. LDAP group names are case sensitive.
  4. Assign roles to the group.

    Each user added to the group inherits the same roles.

    Default role assignments for new users and new groups permit most tasks to encourage development and testing. Change the role assignments as needed to secure the integrity of your organization and data.

    For a description of each role, see Role Descriptions.

  5. Click Save.
    After creating the group, you can add users to the group.
    Note: For a Control Hub installation enabled for LDAP authentication, you cannot assign Control Hub users to Control Hub groups. Instead, you map Control Hub groups to LDAP groups. Control Hub retrieves the group memberships from the LDAP provider.

Adding Users to Groups

Create groups and add user accounts to groups to more efficiently manage user accounts.

To add a user to a group, you can modify the user account or the group.

Note: For a Control Hub installation enabled for LDAP authentication, you cannot assign Control Hub users to Control Hub groups. Instead, you map Control Hub groups to LDAP groups. Control Hub retrieves the group memberships from the LDAP provider.
  1. In the Navigation panel, click Administration > Users, or click Administration > Groups.
  2. Click the row listing the user or group to display its details.
  3. Click in the area under User Groups or Group Users, then select the group to add to the user or the user to add to the group.
  4. Click Save.

Activating or Deactivating Users

Users must be active to log in to Control Hub.

You might temporarily deactivate a user to disable access to Control Hub.

  1. In the Navigation panel, click Administration > Users.
  2. Click the row listing the user to display its details.
  3. Under the User Roles, select the Active property to activate the user. Clear the Active property to deactivate the user.
  4. Click Save.

Resetting a Password

When needed, you can reset a password for a user account.

  1. In the Navigation panel, click Administration > Users.
  2. Click the row listing the user to display its details.
  3. In the bottom right corner of the details, click Reset Password.
    The user receives an email with a link to set a new password.
    Important: The user must set the password within 24 hours of receiving the email. Otherwise, the link expires and you must reset the password again.