Introduction
On Civis Platform, one feature of its UI that should be familiar to users is the Data Pane (highlighted in red in the screenshot below). The Data Pane is Platform’s UI display into your database (Redshift or Postgres), where Civis stores all your structured data. There are two types of "database objects:" schemas, and tables. Accessing and interacting with database objects usually involves some degree of querying against your cluster in SQL (i.e. querying from the Query pane, or writing a SQL script).
Another familiar UI feature in Platform is the top Navigation. Through the four menu items in the middle (highlighted in red in screenshot below), users can create a variety of different "Platform objects". Some of the most common Platform objects users may interact with are imports, exports, scripts, notebooks, workflows, and reports. Beyond these six main Platform objects, users can create credentials, remote hosts, and other objects as well. These objects can all be modified with the UI and API, and share many functions such as sharing and archiving.
Now that we’ve introduced the distinction between databases and Platform by highlighting the different types of objects that exist, let’s go over some consequences of that distinction.
Passwords
One consequence of Platform’s relationship with databases is that you need separate credentials to access your cluster and Platform account. As you’ll note, there are two separate passwords to specify under the My Profile page in the drop down under your initials in the top right corner of Civis Platform. The screenshot below highlights your two passwords in Platform. The red box highlights your Platform password, while the blue box highlights your Redshift/Postgres, or "database" password. This latter password is sometimes referred to as your default database credential.
When you’ve been added to a new cluster, you may have received an email from Client Success asking you to change your database password. This is necessary for ensuring that your database credentials remain consistent across all the clusters that you are a part of. You don’t, however, have to update your console password because getting access to a new cluster is a Redshift/Postgres operation.
Whenever you want access to a database object like a table, it is most likely that the credential associated with that request for access is your database password. An example of this is when users connect a local Tableau Desktop instance to their cluster. To pull data from tables stored in Platform, users would input their database password in Tableau Desktop to connect to their cluster.
Alternatively, there are other instances where you may have to use your Platform rather than your database password. Accessing the Civis VPN is an example of when this is the case.
In general, it is helpful to think about whether the resource you are trying to access or the task you are trying to complete involves database objects like tables and schemas, or Platform objects like scripts, notebooks, and workflows. If it’s the former, go with your database password. If it’s the latter, go with your console password.
Users
Another consequence of the distinction between databases and Platform is that for full accounts (i.e. accounts with access to all of Platform’s functionalities) in Civis Platform, there must be two user profiles created, one in the database, and one in Platform itself. Even though you may be able to log in to Platform and interact with Platform objects, without a user role created in your organization’s Redshift or Postgres cluster, you cannot query against the data stored in it. The screenshots below capture the difference between what it means to have a user profile on Platform vs. a user role on a database.
The Users page under the Admin dropdown in the top Navigation. This page displays everyone who has a Platform account in your organization. Just because users exists in this page does not mean that they can do everything in Platform (ex. query tables, etc.)!
A query that returns all the users on a cluster. It is possible for someone to have a user profile in Platform but not a user role on their organization’s cluster.
Groups
Similar to users, there is also a distinction between Platform and database groups. At Civis, we like to administer permissions to objects at the group level for both Platform and database objects. Following along with the theme in other sections on this page, to have permissions for a Platform object, you should be a part of the Platform group that has permissions on that Platform object. Likewise, to have permissions on a database object, you should be a part of the Redshift group that has been permissioned on that database object.
On a separate note, Platform groups also dictate which clusters you can see in the Civis Platform UI. If a cluster that you should have access to does not populate in the dropdown menu in the top Navigation, it is likely the case that you have not been added to the Platform group with read permissions on that cluster. See the screenshots below for a visualization of the difference between Platform and database groups:
By clicking on a user in the user page, you can see which Platform groups that user belongs to. The groups that users belong to determines the majority of the permissions they have on Platform objects. Of course, permissions on Platform objects can also be granted at the user level, meaning that users’ group memberships are not perfectly indicative of their permissions on Platform objects.
A query that returns all the groups on a cluster. Database groups and how membership is administered for them relies on a process separate from how membership is administered for Platform groups.
Permissions
Informative documentation already exists on our help page about how permissions to Platform and Redshift objects differ. Learn more about each type of permissioning using the links below:
Database Objects
- https://civis.zendesk.com/hc/en-us/articles/115000695326-Granting-Permissions-to-Database-Objects
- https://civis.zendesk.com/hc/en-us/articles/360032929031-Self-Servicing-Permissions-on-Database-Objects
Platform Objects
- https://civis.zendesk.com/hc/en-us/search?utf8=%E2%9C%93&query=sharing
- https://civis.zendesk.com/hc/en-us/articles/360032570792-Self-Service-Sharing-on-Platform-Objects
For more questions on the relationship between Platform and databases, reach out to Client Success at support@civisanalytics.com!
Comments
0 comments
Please sign in to leave a comment.