Permissions & Scope
Who has access to What ..
Communities, Permissions & Scope
In this hands-on workshop, you'll learn how to configure Community permissions and data source scope restrictions to implement fine-grained access control in PDC. We'll walk through the process of limiting specific Communities to only the data sources and schemas relevant to their business domain, demonstrating how to create secure, business-aligned data governance boundaries that enforce the principle of least privilege.
By the end of this workshop, you will be able to:
Configure Community scope restrictions to limit access to specific data sources
Implement domain-based data access controls that mirror organizational structure
Create business-aligned data boundaries using PDC's scope management features
Test and validate Community permission restrictions with user authentication
Understand how Communities enforce data governance policies at the asset level
Design scalable permission models that grow with organizational complexity
Apply the principle of least privilege to enterprise data governance
Workshop Process: You'll configure the AdventureWorks_Sales_Analytics Community to only access sales-related data sources, then test the restriction by logging in as Sarah Johnson (Sales Analyst) to verify she can only see the data sources appropriate for her role.
This workshop demonstrates how Data Catalog's Community scope features create the "WHAT" layer of your data governance framework—determining exactly which data assets each user can access based on their business function and organizational role.
Scope Configuration
Let's implement domain-specific access controls for Adventure Works business areas:
Sales Community gets access to
mssql:adventureworks2022-Sales(Sales + Person schemas only)HR Community gets access to
mssql:adventureworks2022-HR(HumanResources + Person schemas)Data Governance Council gets cross-domain access for governance oversight
System /Datasource Administrators get access to the complete
mssql:adventureworks2022database
Log into Data Catalog:
Username: [email protected]
Password: Welcome123!
AdventureWorks - Sales
Sales Schema Data Source Creation
When connecting to the AdventureWorks2022 database, administrators would create a dedicated "mssql:adventureworks2022-Sales" data source. During the "Ingest Schemas" process, click Ingest Schema, select the following schemas:
Sales - Orders, customers, territories, sales performance
Person - Contact information, addresses, demographics
and then click Ingest Schemas.
Click: Management in the left navigation menu.
Create a connection to: adventureworks2022 database with the following settings:
Data Source Name
mssql:adventureworks2022-sales
Data Source ID
Leave Blank to autogenerate ID
Description
AW DW: Sales + Person schemas only.
Data Source Type
Microsoft SQL Server
Affinity
Default
Configuration Method
URI
Username
sa
Password
StrongPassword123
URI
jdbc:sqlserver://pdc.pentaho.lab:1433;databaseName=AdventureWorks2022;user=sa;password=StrongPassword123;encrypt=false
Driver
mssql-jdbc-13.2.0.jre11.jar*
Database Name
AdventureWorks2022
Select: Sales + Person schemas.
Save: Data Source.
Click: Management in the left navigation menu.
Click: Communities (Users & Communities tile).
Select: AdventureWorks_Sales_Analytics > Edit
Scroll down to Scope.
Select: Data Sources & Click: +
Select: mssql:adventureworks2022-Sales & uncheck All
Click: Done & Save.
While you're here .. Edit the Scope: Data Sources for AdventureWorks_System_Administrators from All to: mssql:adventureworks2022.
We've now set the Data Sources Scope for the Sales Analysts .. we'll be back to set the others ..!!
Finally .. test by logging in as:
Username: [email protected]
Password: Welcome123!
Sales Analytics Community
Let's review the Adventure Works organization to make sure the Sales business unit users have the required permissions & scope to access the Data Catalog assets:
AdventureWorks_Data_Governance_Council
All
Data Steward
Cross-domain data stewardship and governance oversight.
elena.rodriguez
AdventureWorks_System_Administrators
All
All the Roles
Full Data Catalog administrative capabilities for system management.
james.lock
AdventureWorks_Datasource_Administrators
All
Data Storage Administrator
Adventure Works data source administrators.
hugo.reilly david.park
AdventureWorks_Sales_Analytics
Sales + Person
Data User
Sales team data analysis and customer insights.
sarah.johnson
AdventureWorks_Compliance_Officers
All
Business Steward
Regulatory compliance monitoring and audit management.
david.park
AdventureWorks_HR_Specialist
HumanResources
Business User
HR Specialist
michael.chen
AdventureWorks - HR
Sales Schema Data Source Creation
When connecting to the AdventureWorks2022 database, administrators would create a dedicated "mssql:adventureworks2022-HR" data source. During the "Ingest Schemas" process, click Ingest Schema, select the following schemas:
HumanResources - Employee data, departments, payroll information
Person - Contact information, addresses, demographics
and then click Ingest Schemas.
Click: Management in the left navigation menu.
Create a connection to: adventureworks2022 database with the following settings:
Data Source Name
mssql:adventureworks2022-HR
Data Source ID
Leave Blank to autogenerate ID
Description
AW DW: HumanResources + Person schemas only.
Data Source Type
Microsoft SQL Server
Affinity
Default
Configuration Method
URI
Username
sa
Password
StrongPassword123
URI
jdbc:sqlserver://pdc.pentaho.lab:1433;databaseName=AdventureWorks2022;user=sa;password=StrongPassword123;encrypt=false
Driver
mssql-jdbc-13.2.0.jre11.jar*
Database Name
AdventureWorks2022
Select: HumanResources + Person schemas.
Save: Data Source.
Click: Management in the left navigation menu.
Click: Communities (Users & Communities tile).
Select: AdventureWorks_HR_Spcialist > Edit.
Scroll down to Scope.
Select: Data Sources & Click: +
Select: mssql:adventureworks2022-HR & uncheck All
Click: Done & Save.
While you're here .. Edit the Scope: Data Sources for AdventureWorks_System_Administrators from All to: mssql:adventureworks2022.
We've now set the Data Sources Scope for the Sales Analysts .. we'll be back to set the others ..!!
Finally .. test by logging in as:
Username: [email protected]
Password: Welcome123!
x
x
Last updated
Was this helpful?