How to share a datasource to all users? I can't really find a good way to do that.
We have an SSO-integration setup towards (A)AD, but have little control over that. Not sure if i could use the local identity provider and create a group that includes all (domain and/or local ) users.
Best answer by Stijn Agten
On TrendMiner side the all SAML groups are bundled under the SSO name. So in my example “SAML-Azure” contains all groups from that provider. So in your case it would contain all 80 SAML groups. So if you add the complete top level group there is no need to add all 80 groups separately per data source, nor is it required to create a new group on you server.
SAML-CS-3 in my example is a second SSO connection which might be a bit less common and therefor maybe somewhat confusing here.
About your other questions:
The ‘public’ option is a nice idea. Feel free to share it with our product team:
But that being said, the ‘public’ share can quite easily be simulated by assigning the permission to the full local group and all top level SAML groups like I shared above.
The best solution would be to concentrate the permission management on the AD server but if that’s not so easy you can also create a local group and add SAML users and local users/groups to that local group. It is not possible to add a SAML group as a subgroup of the local group.
The big disadvantage of this approach is that it requires you to add all users manually to that local group which can become cumbersome.
An easier way to give all users access to 1 data source is to create an ACL for that data source and add the full “local” group and all existing SAML groups.
The members of that ACL would look like this.
Local groups is not really a feasible option due to security requirements.
We have about 80 groups in total (1 for each plant), so that would mean authorizing 80 groups on a datasource. Creating a group (A)AD side has a lot of impact on our authorization process, so that's not the easiest route overall.
Out of interest:
It would be a great idea to add a “public” option on datasources, to allow access to anyone.
On TrendMiner side the all SAML groups are bundled under the SSO name. So in my example “SAML-Azure” contains all groups from that provider. So in your case it would contain all 80 SAML groups. So if you add the complete top level group there is no need to add all 80 groups separately per data source, nor is it required to create a new group on you server.
SAML-CS-3 in my example is a second SSO connection which might be a bit less common and therefor maybe somewhat confusing here.
About your other questions:
The ‘public’ option is a nice idea. Feel free to share it with our product team:
But that being said, the ‘public’ share can quite easily be simulated by assigning the permission to the full local group and all top level SAML groups like I shared above.
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
