Within Paxata, you can setup your tenant a public or private tenant.  A public tenant means that anything added or created within Paxata is seen by anybody that can access that particular Paxata tenant.  This is a good option for training tenants, skills labs, public data repositories, or small groups/companies needing interdepartmental data access.

The other option is a private tenant where a security model is introduced to protect and secure access to both the Paxata Library & Paxata Projects.  Administrators can use the Paxata security model or integrate Paxata into an enterprise security model.  

Once the user strategy has been defined, you can organize the users and manage them by assigning groups.  This is a way to quickly configure Project or dataset resource-level permissions for several people.

To setup a group, do the following:
1. Go to the left menu option and choose Admin
2. On the left side menu, click on Groups
3. Click on the + button to the right of the Groups Panel to create a new group


From here, you will see the Create Group Panel.  To define the individual group:
1.  Enter the name of the group & add a sample description. This will help you manage variations of the same group or to distinguish one group from the next.

2.  Go to the Add Member drop down. When you click on the drop down, you will see all the users within Paxata. Pick and choose the user, and repeat the action until all users are added to the group.  For help on setting up Paxata Users, click here.

3.  Click on the save button.  

This will now create your new group.  From there, you can use the group settings to:

• Share which database configuration files they can access.  This will control from which sources they can import and/or export data
• Share which existing library datasets they can view.  Users will not be able to view any datasets that exist in the library unless they have been granted access. 
• Share which projects they can view.  Users will not be able to view any projects that exist unless they have been granted access.  

Within each of these options, you can control the level of access at the group level.  Consideration factors include:

Database configuration files

• Can they use the account that is defined in the connector?
• Can they import data, or just see the source of where the data originated?
• Can they export data and where? Export data as a local file? Do I give them access to write back to the database?

Library Datasets

• Which datasets can they view? Do I want them to view the entire history or the most recent file?
• Do I want them to change the metadata? 
• Do I want them to update the datafile?
• Do I want them to be able to delete the datafile?
• Do I want them to be able to export the data?

Projects

• Which projects do I want them to see?
• Do I want them to be able to refresh the project?
• Do I want them to only have read-only access to the project or be able to update the project?
• Do I want them to delete the project

These are the design considerations you will need to think through as you are setting up your groups.  The answer to these questions will help you determine if a single group will be sufficient, or if you will need to create variations of the items discussed to meet all the security needs.  Paxata can also be integrated with LDAP groups, so the enterprise security requirements should also be taken into consideration.  

You can always edit/change or revise membership of these groups.  As your strategy and requirements evolve, Paxata can grow with your needs.