Manage access
With GX Cloud’s access control options, you can ensure security and make collaboration more efficient. This page covers configuration for multiple workspaces, individual users, and access tokens.
SSO is available on the Enterprise plan. Contact sales to upgrade to Enterprise.
Workspaces
GX Cloud helps you spread the work of managing data quality across your business, so you can use knowledge from various stakeholders to ensure high standards. GX Cloud offers multiple workspaces to organizations on the Enterprise plan to support collaborating with many teams in GX Cloud without compromising on security or structure within the application. With workspaces, you can group your Data Sources, Data Assets, and users in flexible ways. For example, you might create different workspaces based on the following:
- Functions (e.g., engineering and finance)
- Medallion architecture (e.g., Bronze, Silver, and Gold layers)
Workspaces help keep your data quality efforts clear, relevant, and secure, no matter how complex your business is. Here's one example of how an organization might use multiple workspaces.
Keep the following in mind when using workspaces:
- Your organization must be on the Enterprise plan to use multiple workspaces. Contact sales to upgrade to Enterprise.
- You must be an Organization Owner to manage workspaces.
- To use the GX Cloud API in an organization with multiple workspaces, your GX library version must be >= 1.6.0.
Create a workspace
- In GX Cloud, click Workspaces.
- Click New workspace.
- Enter a Workspace name.
- Click Create.
Now you can invite users to collaborate in the workspace. Note that Organization Owners will automatically have access to the new workspace.
Edit a workspace
To change the name of a workspace, follow the instructions below. To change the membership of a workspace, edit users.
- In GX Cloud, click Workspaces.
- Click
Edit workspace for the workspace that you want to rename. - Change the Workspace name.
- Click Save.
When you rename a workspace, old links and integrations for that workspace will still function. But, you may want to let your team know about the change so they can find what they’re looking for in the GX Cloud UI.
Delete a workspace
To delete a workspace, follow the instructions below.
- In GX Cloud, click Workspaces.
- Click
Delete workspace for the workspace that you want to remove. - Review the warning and enter the workspace name to confirm you understand the consequences and want to proceed.
- Click Delete.
Users
Workspace users can be members of multiple workspaces with different permissions. Organization Owners are always members of all workspaces with full permissions.
Roles and permissions
The following table lists GX Cloud roles and permissions.
| User role | Organization Owner | Workspace Admin | Workspace Editor | Workspace Viewer |
|---|---|---|---|---|
| Manage workspaces | ✅ | ❌ | ❌ | ❌ |
| Manage Organization Owners | ✅ | ❌ | ❌ | ❌ |
| Manage organization access tokens | ✅ | ❌ | ❌ | ❌ |
| Manage workspace users * | ✅ | ✅ | ❌ | ❌ |
| Manage user access tokens * | ✅ | ✅ | ✅ | ❌ |
| Manage Data Sources, Data Assets, and Expectations * | ✅ | ✅ | ✅ | ❌ |
| View Validation Results * | ✅ | ✅ | ✅ | ✅ |
* Scoped to the workspace(s) the user belongs to.
Invite a user
-
In GX Cloud, click Users.
-
Click Invite user and complete the following fields:
-
Workspace - If you’re adding a Workspace Admin, Editor, or Viewer, select a workspace. If you’re adding an Organization Owner, they will automatically have full access to all current and future workspaces.
-
Email - Enter the user's email address.
-
Role - See roles and permissions for details on the options.
-
-
Click Send invitation.
An email invitation is sent to the user.
Edit a workspace user’s role
Workspace user permissions are managed on a workspace basis. To edit a user’s role across multiple workspaces, repeat the following steps. You can search for a user by email to make it easier to find all the workspaces they belong to.
-
In GX Cloud, click Users.
-
Find the workspace for which you want to edit a user’s role.
-
Click
Edit user for the person you want to update. -
Select a role and then click Update user.
Edit an Organization Owner’s role
Organization Owners have access to all workspaces. When you downgrade an Organization Owner’s role, you select one workspace for them to continue to belong to. After that, you can invite them to additional workspaces as needed.
- In GX Cloud, click Users.
- Find the workspace you want the downgraded user to continue to belong to.
- Click Edit user for the Organization Owner you want to update.
- Select a workspace Role.
- Click Update user.
Delete a user’s access
Workspace user access is managed on a workspace basis. To remove a workspace user’s access across multiple workspaces, repeat the following steps. You can search for a user by email to make it easier to find all the workspaces they belong to. If you delete an Organization Owner, they lose access to all workspaces immediately. If you delete a user from all of their workspaces, they lose all access to GX Cloud.
- In GX Cloud, click Users.
- If you’re removing a workspace-level user’s access, find the workspace from which you want to remove the user.
- Click Remove user for the person you want to remove.
- Click Remove.
Tokens
Tokens provide secure access to your GX Cloud entities through the GX Cloud API.
Access tokens shouldn't be committed to version control software.
Here is an overview of the different types of tokens.
| Token type | User access token | Organization access token |
|---|---|---|
| Token permissions | Inherited from the user the token belongs to, capped by the user's role at the time the token was created. If a user’s permissions are changed after a token was created, the token’s permissions are changed as well, except that token permissions will never exceed the role the user had when the token was created. | Workspace Editor. |
| Workspace scope | Inherited from the user a token belongs to. If a user’s workspace membership is changed after a token is created, the token’s scope is changed as well. | All workspaces. |
| Common use cases | Connecting Data Sources, adding Data Assets, and creating Expectations. | External application authentication for tasks such as deploying the GX Agent or orchestrating validation runs. |
| Ownership | Each Workspace Editor, Workspace Admin, or Organization Owner manages their own user access tokens. | Organization Owners collectively manage a pool of organization access tokens. If an Organization Owner is removed or demoted, any organization access tokens they created are not affected. |
Create a user access token
You can create your own user access tokens if you are a Workspace Editor, Workspace Admin, or Organization Owner.
- In GX Cloud, click Tokens.
- In the User access tokens pane, click Create user access token.
- In the Token name field, enter a name for the token that will help you quickly identify it.
- Click Create.
- Copy, paste, and then save the user access token as a text file or similar. The token can't be retrieved after you close the dialog.
- Click Close.
Create an organization access token
You must be an Organization Owner to create an organization access token.
- In GX Cloud, click Tokens.
- In the Organization access tokens pane, click Create organization access token.
- In the Token name field, enter a name for the token that will help you quickly identify it.
- Click Create.
- Copy, paste, and then save the organization access token as a text file or similar. The token can't be retrieved after you close the dialog.
- Click Close.
Delete a user or organization access token
- In GX Cloud, click Tokens.
- Click Delete token for the token you want to remove.
- Click Delete to confirm.