Working with a tenant

You can update or delete a tenant, and also assign access to a tenant.

Before managing a tenant, you must have read and been familiar with the details about the command prompts and supported responses. See Tenant names and attributes and Creating a tenant.

Updating a tenant

Perform the following steps to update an existing tenant:

  1. In a terminal session, change into the Z Data Analytics Platform installation directory, and then run the manage-security-tenants update command:
    cd <ZOA_HOME>
    ./bin/dockerManageZoa.sh manage-security-tenants update
  2. Enter the name and attributes of the tenant, when prompted by the command.
  3. The tenant information is then passed to the identity management service, and you are asked if the tenant information should be updated or replaced.
    • If the information should be updated, the newly entered information and the previously existing information are combined into one tenant definition.
    • If the information should be replaced, the newly entered information replaces the previously existing information.
    Note: If you specify a tenant name that is not yet defined, you are prompted to create it. If you answer no, an error message is displayed, and the process terminates.
  4. You are also prompted to decide whether you want to update the dashboards and saved searches for the curated data or not.

After the tenant group is updated in the authentication service, the information is then used to update the tenant workspace and its associated three tiers of functional access permissions.

Also, after the tenant workspace is updated, the dashboards and saved searches for the curated data are also updated, if you selected that option in Step 4.

Deleting a tenant

Perform the following steps to remove an existing tenant:

  1. In a terminal session, change into the Z Data Analytics Platform installation directory, and then run the manage-security-tenants delete command:
    cd <ZOA_HOME>
    ./bin/dockerManageZoa.sh manage-security-tenants delete

    The command displays a list of tenant groups that are currently defined in the identity management service.

  2. You can now use the following keys:
    • Use the Up and Down arrow keys to navigate between the listed items.
    • Use the Spacebar key to select or deselect an item.
    • Use either the Enter or Return key to submit your completed selections.
For each selection,
  • Its tenant group is deleted from the identity management service.
  • The functional access tiers of the tenant are deleted.
  • The dashboards and saved searches that are associated with the tenant workspace are deleted.
  • The workspace of the tenant is deleted.

Assigning access to a tenant

Perform the following steps to assign access to a tenant:

  1. Log in to the identity management service as an administrator.
  2. Navigate to the IzoaKeycloak security realm if you are not automatically redirected to it.
  3. In the left navigation panel, click Manage > Users.
  4. Perform one of the following actions:
    • If no user federations are defined

      All the manually created user IDs are automatically displayed.

      Click the username that you want to assign to a tenant.

    • If one or more user federations are defined

      No user IDs are shown, as a default feature. Enter a string in the Search field. The identity management service returns all IDs that match the string.

      Click the username that you want to assign to a tenant.

      Note: User IDs that are associated with an RACF® federation with direct authentication will not be available until after the first successful login attempt. For more information, see RACF user federation.
  5. Navigate to the Role mapping tab, and then assign one of the Z Data Analytics Platform roles to the ID to indicate the functional level of access.
    • zdapadmin - Administrator
    • zdapadvuser - Advanced user
    • zdapbaseuser - Basic user

    If multiple roles are assigned to a user, the ID accesses the Z Data Analytics Platform at the lowest functional level.

    Important:
    • Assign the zdapsuper role only to those user IDs that should have superuser privileges in the Z Data Analytics Platform. Superuser IDs must be assigned to the tenant-super tenant group.
    • The tenant-super tenant does not support the zdapadmin functional role. If you want to add another administrative user to the tenant-super tenant, that user must be assigned the zdapsuper role.
  6. Navigate to the Groups tab and join one or more tenant groups to the ID.
    Note:
    • Tenant group names always start with the prefix tenant-.
    • If a user ID is a member of more than one tenant group, it can access the tenant workspace for either tenant. The user ID is also able to access the operational data that is permitted for either tenant, irrespective of the tenant workspace it works in. However, the user ID can see the artifacts that are saved in the currently active workspace only.