Organization Settings
Organizations contain user accounts within a single tenant on the Tetra Data Platform (TDP). Your user account's organization (for example, TetraScience) displays at the top left of the TDP user interface under ORGANIZATION. If you belong to more than one organization, you can select the organization name to open a search dialog that allows you to search for and switch to the other organizations that you belong to by entering either their orgslug or name.
To view and manage your membership in one or more organizations, see Account Details.
Organization administrators can configure the following actions at the organization level on the Organization Settings page:
- Rename an organization
- Configure default search settings
- Configure compliance settings
- Configure data access rules
- Manage user accounts
- Manage service users
Organization administrators can also Create and manage organizations by using the Manage Organizations page.
NOTE
All TDP organizations have the following attributes:
- Organization name
- Organization slug (orgslug: A unique identifier used to call an API endpoint, or to create a self-service Tetra Data pipeline)
- Associated user accounts, including user account names, emails, roles, and statuses
Access Organization Settings
To view your organization's current settings, do the following:
IMPORTANT
To configure organization settings, you must sign in to the TDP as an Org Admin user.
- Sign in to the TDP as a user with an Org Admin role.
- In the left navigation menu, choose Administration. Then, choose Organization Settings. The Organization Settings page appears.
NOTE
The organization's name, compliance settings, and slug display at the top of the page. Login Users and Service Users are listed in separate tabs, which include information about their roles, statuses, and JSON Web Tokens (JWTs).
Rename an Organization
To rename an existing organization, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- On the Settings tab, in the ORGANIZATION NAME section, select the Edit button. A Rename Organization dialog appears.
- For ORGANIZATION NAME, enter the organization's new name.
- Choose Rename.
Configure Default Search Settings for an Organization
To configure default Search settings for you organization, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- On the Settings tab, in the SEARCH section, select the Edit button. An Edit Search dialog appears.
- Select default search settings for your organization. For more information, see Filter Options for Search.
- Choose Next. A DEFAULT SEARCH COLUMNS pane appears. This pane lets you rename the columns in your default search results or adjust their width, if desired. You can either use and edit any of the default, recommended search columns provided, or select the Use Custom Columns toggle to create your own search result columns, which also provide the ability to hide specific columns.
- Choose Finish.
NOTE
When you use recommended columns, the system will automatically generate columns based on the filters you're using. New columns will be automatically added or removed when the filters are changed. You can adjust the order and width of the columns, but you can not add or remove columns. When you use custom columns, you must manually add or remove columns. Columns will remain unchanged when filters are changed. You can specify the text of the column heading as well as modify the columns' order and widths.
Configure Compliance Settings for an Organization
IMPORTANT
Make sure that you deactivate the Audit Trail for development environments only. If you deactivate the Audit Trail for production environments, you may not be able to satisfy GxP quality guidelines and regulations.
To activate or deactivate Audit Trail settings for an organization, or to require users to enter a reason for changes to your organization's Audit Trail, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- On the Settings tab, in the AUDIT TRAIL section, select the Edit button. An Edit Audit Trail Settings dialog appears.
- Configure the following settings:
- To reactivate the Audit Trail feature for an organization, move the Audit Trail toggle to the right. (The Audit Trail feature is activated for all organizations by default when they're created.)
- To deactivate the Audit Trail feature for an organization, move the Audit Trail toggle to the left.
- To require users to enter a reason for changes to the organization's Audit Trail in the TDP user interface, move the Change Reason Enabled in Audit Trail (Requires GxP license) toggle to the right.
- Choose Save.
For more information, see Compliance Settings.
NOTE
The Audit Trail feature is activated for each organization by default. Requiring a Change Reason for Audit Trail changes is an optional setting that requires a GxP license through TetraScience, and isn't activated by default.
Configure Data Access Rules for an Organization
To provide more control over who has access to specific data sets within a TDP organization, organization administrators can define metadata-driven Data Access Rules through Access Groups. By activating Data Access Rules, organization admins can then configure data access permissions for multiple users through Access Groups based on specific file attributes.
Activate Data Access Rules for an Organization
IMPORTANT
Data access remains open to all TDP users within an organization until an organization administrator configures Access Groups for that organization. After access groups are activated for an organization, all users within that organization must be assigned to an access group; otherwise, they won’t have access to the TDP.
To activate Data Access Rules for an organization, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- On the Settings tab, in the DATA ACCESS RULES section, select the Edit button. The Edit Data Access Rules Settings dialog appears.
- Move the Data Access Rules toggle to the right. Then, choose Save.
- Configure Access Groups by following the instructions in Create Access Groups.
Create Access Groups
To create an Access Group and configure Data Access Rules for its members, do the following:
Step 1: Create an Access Group and Configure Its Data Access Rules
- Open the Organization Settings page as a user with an Org Admin role.
- Choose the Access Groups tab. The Access Groups tab appears.
- Choose Add Access Group. The Add Access Group dialog appears and displays a Properties section.
- For ACCESS GROUP NAME, enter a name for the access group.
- For ACCESS GROUP DESCRIPTION, enter a brief description of the access group.
- (Optional) To have the new access group activated immediately after it's created, move the ENABLE ACCESS GROUP toggle to the right.
- Choose Next. The Data Access Rules section appears.
- Configure DATA ACCESS RULES for the access group by doing the following:
- In the AND field, either select the Boolean operator that you want to apply to the data access rule (AND or OR), or choose ALL to grant the access group access to all of the organization's data.
IMPORTANT
It's recommended that organization administrators do the following:
- First create an Access Group for your own Org Admin account that includes the ALL access rule. This ensures that you aren't locked out of any of your organization's data after Data Access Rules are activated.
- Add all service tokens that your organization's Agents, Connectors, or applications use to either an access group that includes the ALL access rule or other groups so that they continue to have access to data.
- In the Select a filter type field, select an attribute filter type for the rule. Two additional fields appear to the right of the filter type.
- In the is field, select if you want the rule to match the filter value (is), or if you want the rule to exclude group users from viewing files that include the filter value (is not).
- In the blank field that appears to the right, select a value for the filter.
- In the AND field, either select the Boolean operator that you want to apply to the data access rule (AND or OR), or choose ALL to grant the access group access to all of the organization's data.
- (Optional) To add more data access rules, select the plus (+) icon. Then, configure the new rule(s) by repeating step 8.
- Choose Finish.
Step 2: Add Users to the Access Group
- Open the Organization Settings page as a user with an Org Admin role.
- Choose the Access Groups tab. The Access Groups tab appears and displays the new access group that you created.
- Select the new access group. Then, select the Users tab.
- Choose Add Users. A list of all of the login users within the organization appears.
- Select the check box next to the login users that you want to add to the access group.
- Choose Save.
Edit an Access Group
To edit an Access Group and configure Data Access Rules for its members, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Choose the Access Groups tab. Then, in the ACCESS GROUPS section, select the access group that you want to edit.
- In the ACTIONS section, choose Edit Access Group. The Edit Access Group dialog appears.
- Edit the access group's name and description. Then, choose Next.
- Edit the access group's data access rules. For instructions, see step 8 in Create Access Groups.
- Choose Finish.
NOTE
Non-admin users can view the Data Access Rules for the Access Groups they belong to under My Account in the TDP user interface.
Delete an Access Group
To delete an Access Group, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Choose the Access Groups tab. Then, in the ACCESS GROUPS section, select the access group that you want to delete.
- In the ACTIONS section, choose Delete Access Group. A dialog appears that asks you to confirm that you want to delete the access group.
- Choose OK.
Manage User Accounts
Organization administrators can manage User accounts through the following actions on the Organiztion Settings page in the Login Users tab:
- Add a new user
- Edit a user role
- Deactivate or delete a user account
- Activate a deactivated user account
- Reset user account passwords
- Log out an active user
Filter User Accounts
To filter the list of user accounts on the Organization Settings page, you can do any of the following:
- To search for a specific user, enter their username in the USER column search box.
- To display users by their role type, select the role type that you want to filter by from the USER ROLE column drop-down list.
- To display either active or inactive users on the list only, chose either Active or Disabled from the USER STATUS column drop-down list.
- To display users by their personal JSON Web Token (JWT) status, select the token status that you want to filter by from the TOKEN STATUS column drop-down list.
- To display users by the date that their personal JWT was created, select the date that you want to filter by from the TOKEN CREATED column drop-down list.
- To display users by the date their personal JWT expired, select the date that you want to filter by from the TOKEN EXPIRY column drop-down list.
Add a New User
To create a new user within an organization, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- On the Login Users tab, choose Add Login User. The Create Login User dialog appears.
- Add the first name, last name, email, and password for the new user. Then, assign an organization role to the user.
- Choose Create.
NOTE
As an Org Admin, you can allow users to be members of multiple organizations with different permissions. You can also customize access to the TDP for sensitive projects and teams specific to your company. When a user first logs in to the TDP, the user defaults to the organization with the highest level of access. If multiple organizations exist with the same level of access, then their access defaults to one of the listed organizations, based on alphabetical order.
Edit a User Role
To edit a login user's organizational role, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Login Users tab. A list of all of the current organization's login users appears.
- Locate the user that you want to edit. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
- Choose Edit User. The Edit Login User dialog appears.
- Select an organizational role for the user.
- Choose Save.
Deactivate or Delete a User Account
NOTE
You can deactivate a user's account to a particular organization. If the same user has access to multiple organizations, then their access to those other organizations isn't deactivated.
To deactivate or delete a login user's account, do the following:
-
Open the Organization Settings page as a user with an Org Admin role.
-
Select the Login Users tab. A list of all of the current organization's login users appears.
-
Locate the user that you want to deactivate or delete. Then, on the right of that user's row, select the hamburger menu icon.
-
To deactivate the user's account, choose Disable User.
-or-
To delete the user's account, choose Delete User.
-
A warning message appears that asks you to confirm the action. To confirm the action, choose OK.
IMPORTANT
If you delete a user's account, you can't reactivate it. Instead, you must create a new user account for the user to reactivate them.
Activate a Deactivated User Account
To activate a deactivated login user's account, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Login Users tab. A list of all of the current organization's login users appears.
- Locate the user that you want to reactivate. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
- Select Enable User.
Reset User Account Passwords
To request that a login user resets their account password, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Login Users tab. A list of all of the current organization's login users appears.
- Locate the user whose password you want to reset. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
- Choose Reset password. A warning message appears that asks you to confirm that you want to send the user an email to reset their TDP password.
- Choose OK.
Log Out an Active User
To force an active user to log out, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Login Users tab. A list of all of the current organization's login users appears.
- Locate the user that you want to force to log out. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
- Choose Log Out User. A dialog appears asking you to confirm that you want to force the selected login user to log out.
- Choose OK.
Manage Service Users
Organization administrators can manage Service User accounts (service accounts for applications integrated with the TDP) through the following actions on the Organiztion Settings page:
- Add a service user
- Edit a service user role
- Deactivate or delete a service user
- Activate a service user
- Generate a JWT for a service user
Service Users Tab Fields
The following table describes the fields in the Service Users tab.
| Field | Description |
|---|---|
| + Add Service User | Add a service user |
| Hamburger menu | Edit User, Disable user, Generate Token |
| User | Lists the user name (includes a search field) |
| User Role | Filters the list of users to display on the page: Administrator, Member, or Read Only. Note: Select All (default) to show all user accounts |
| User Status | Filters the list of users to display on the page: Active or Disabled. Select All (default) to show all user accounts. |
| Token | Displays the token generated for the service user (you can copy the token to your clipboard) |
| Token Status | Filters the list of users to display on the page: Active, Disabled, Expired or No Token user accounts Note: Select All (default) to show all user accounts |
| Token Created | Indicates when the token was created |
| Token Expiry | Indicates the expiration date for the token, if there is one (has a date filter) |
Add a Service User
To add a new service user, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Service Users tab. A list of all of the current organization's service users appears.
- Choose Add Service User. The Add Service User dialog appears.
- For NAME, enter a name for the service user.
- For ORGANIZATIONAL ROLE, choose a role for the service user.
- For TOKEN EXPIRES, enter the amount of time in days that the service user's access token automatically expires. You can choose any expiration period between
1and720days. An expiration date is required for all access tokens. - Choose Add.
Edit a Service User Role
To edit an existing service user role, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Service Users tab. A list of all of the current organization's service users appears.
- Locate the service user that you want to edit. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
- Choose Edit User. The Edit Service User dialog appears.
- Select an organizational role for the service user.
- Choose Edit. Then, edit the service user's role.
Deactivate or Delete a Service User
To deactivate or delete a service user account, do the following:
-
Open the Organization Settings page as a user with an Org Admin role.
-
Select the Service Users tab. A list of all of the current organization's service users appears.
-
Locate the service user that you want to deactivate or delete. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
-
To deactivate the server user's account, choose Disable User.
-or-
To delete the service user's account, choose Delete User.
Activate a Service User
To activate a service user account, do the following:
- Open the Organization Settings page as a user with an Org Admin role.
- Select the Service Users tab. A list of all of the current organization's service users appears.
- Locate the service user that you want to activate. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
- Select Enable User.
Generate a JWT for a Service User
NOTE
You can generate a JWT for a service account, regardless of your TDP user role.
To generate a JSON Web Token (JWT) for a service user account, do the following:
- Open the Organization Settings page.
- Select the Service Users tab. A list of all of the current organization's service users appears.
- Locate the service user that you want to generate a JWT for. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
- Choose Generate Token. The Generate New Token dialog appears.
- In the TOKEN EXPIRES field, enter the number of days that you want the token to be valid for (
1to720days). - ChooseGenerate token.
- Choose Copy Token to copy the token to your clipboard.
- Choose OK.
IMPORTANT
For security reasons, the OAuth 2.0 authentication method introduced in TDP v4.0.0 doesn’t allow the following:
- Non-expiring Service User tokens are no longer allowed. All access tokens must have an expiration date.
- Users can no longer copy access tokens from the TDP user interface after a token is generated. Users can now copy access tokens when they’re first generated only.
Updated 3 months ago