Role-based Access Control (RBAC) at Unravel
Overview of RBAC on Unravel
Enabling RBAC at Unravel ensures that users can only access data and features relevant to their assigned roles, enhancing data security and privacy. This section details the impact of RBAC on various Unravel pages with some examples, illustrating how access controls protect sensitive information and improve usability.
Certain pages in Unravel do not support RBAC by default. However, access to those pages can be restricted by configuring the Unravel properties. For more details on configuring the Unravel properties for the roles, see here.
Home page
The Home page displays overall data and potential savings opportunities across the organization.
RBAC is not supported by default on the Home page. However, access can be restricted to non-admin users through custom configuration in Unravel properties. With access restricted, non-admin users cannot view the Home page.
Cost page and subtabs (Trends, Drill-Downs, Budgets)
The Cost Explorer page and its subtabs provide detailed cost-related data and insights, including trends, drill-downs, and budget information.
The Cost Explorer page includes three tabs: Trends, Drill-Down (Chargeback), and Budgets. Like the Home page, the Cost page does not support RBAC by default. It needs to be configured by restricting users' access.
The Trends tab is viewable only by admin and read-only admin users by default.
The Drill-Down tab can be configured to restrict access to certain clusters, users, workspaces, and tags based on roles.
Access to the Budget tab can be restricted through Unravel properties.
Compute page
The Compute page provides a comprehensive view of all compute instances within the Databricks environment. It allows users to manage clusters, monitor performance, and analyze resource usage. The page includes detailed metrics, such as memory and CPU utilization, to help optimize cluster performance.
RBAC on the Compute page
RBAC can be enabled on all tabs on the Compute page.
Workflows Page
The Workflows page offers an interface for managing and monitoring Databricks jobs. Users can view job runs, track their status, and review execution details.
RBAC on the Workflows page
RBAC can be enabled on all the Jobs and Job Runs tabs. The Job Insights page is not RBAC supported by default. However, access can be restricted to non-admin user roles through Unravel properties.
RBAC on other pages
The Data, Reports, and Auto Actions pages do not support RBAC by default. However, the access can be restricted to certain users through configuring the Unravel properties.
Admin User
Access to All Pages
Admins have unrestricted access to all Unravel pages by default.
Access to All Workspaces
Admins can view and manage all workspaces, regardless of their specific roles or permissions.
Access to All Workspaces in Inefficient Page
Admins can see inefficient clusters across all workspaces on the Inefficient page.
Role 1 user
Limited Access to Pages
Let's assume a user with Role 1 has permission to access the Cost Explorer, Compute, and Workflows pages. This user can only view data related to the ubs_test_ws1 workspace and the inefficient clusters within that workspace.
Role1 users have restricted access to specific pages such as Cost Explorer, Compute, and Workflows.
Role1 users can only access the ubs_test_ws1 workspace.
Role1 users can only see inefficient clusters related to the ubs_test_ws1 workspace on the Inefficient page.
Role 2 User
Access to Compute and Workflows Pages
Let's assume a user with Role 2 has permission to access only the Compute and Workflows pages. This user can only view data related to the prakash_ubs_test workspace and the inefficient clusters within that workspace.
Access is only to the Compute and Workflows pages.
This user only has access to the prakash_ubs_test workspace.
This user can only see inefficient clusters related to the prakash_ubs_test workspace on the Inefficient page.
