Manage user accounts¶
The DataRobot deployment provides support for local authentication users. These are user accounts you create manually (through APP ADMIN > Manage Users). DataRobot provides restrictions for login and password settings. The login credentials for these locally authenticated users are stored as fully qualified domain names.
Create user accounts¶
As an administrator, you create and add new users to your DataRobot installation. Use the following steps to create your own user account, and then repeat them for each additional user.
Expand the profile icon located in the upper right and click APP ADMIN > Users from the dropdown menu.
Click Create a user at the top of the displayed page.
In the displayed dialog, enter the username (i.e., email address), first name, and password for the new user (other account settings are optional at this point). If shown, selecting Require Clickthrough Agreement may be necessary for your cluster deployment.
Click Create user. If successful, you see the message "Account created successfully" and the username for the new account.
Click View user profile to view and configure user settings for this user, or click Close.
The new user will now be listed in the Users table. You can open the User Profile to see some important information including the user's application-assigned ID.
Set admin permissions for users¶
As an admin, you can set organization admin permissions for other DataRobot users within the application, including your personal user account. These permissions allow the recipient to enable or disable features per user, as needed. Visit the Settings page to see a list of available features; hover over a feature name for a brief description.
Below are the steps to enable administrator access for any user. This user will have administrator access to all DataRobot functionality configured for the application.
Consider and control how you provide admin settings to non-administrator users. One way to do this is to add settings only on an as-needed basis and then remove those settings when related tasks are completed.
From the Users page, locate the user and select to open the user's profile page.
Click Membership to display the organization and groups that the user is a member of.
Under the Organization header, check the box in the Org Admin column to enable organization admin permissions for the user.
This user can now modify settings for other users. At any point, if you want to disable these permissions for the user, uncheck the box; the user will no longer have administrator capabilities.
RBAC for users¶
Role-based access (RBAC) controls access to the DataRobot application by assigning users roles with designated privileges. The assigned role controls both what the user sees when using the application and which objects they have access to. RBAC is additive, so a user's permissions will be the sum of all permissions set at the user and group level.
To assign a user role:
From the Users page, locate and select the user to open their profile page.
Click the Permissions tab to view a list of settings and permissions.
Open the User roles dropdown menu and select the appropriate role(s) for the user.
When you're done, click Save changes.
Review the role and access definitions to understand the permissions enabled for each role.
Avoid granting access to specific features by assigning roles at the user-level because this makes managing permissions more difficult—causing you to have to modify several users, rather than a few groups, as well as increasing the possiblity of having users with non-standardized levels of access. Make sure access to features required to complete work are defined at the group- or org-level, and that the user is a member.
Note that RBAC overrides sharing-based role permissions. For example, consider a user is assigned the Viewer role via RBAC, which only has Read access to objects. If this user has a project shared with them that grants Owner permissions (which offers Read and Write access), the Viewer role takes priority and denies the user Write access.
You can change passwords for internal and local authentication user accounts. If your cluster uses LDAP authentication, you cannot change the password for any of the user types (individual users or the
email@example.com account). If you need help generating a new password for the default administrator, contact Customer Support.
Change your own password¶
To change your own password:
Expand the profile icon located in the upper right and click Settings.
In the displayed page, enter your current password and then the new password twice (to create and confirm. Click Change Password.
DataRobot enforces the following password policy:
- Only printable ASCII characters
- Minimum one capital letter
- Minimum one number
- Minimum 8 characters
- Maximum 512 characters
- Username and password cannot be the same
Change a user's password¶
From the APP ADMIN > Manage Users page, locate the user and click to open their profile.
Click Change Password.
In the displayed page, enter and confirm the new password.
When finished, click Change Password.
Manage membership in groups¶
Configuring groups ahelps you to manage users across the DataRobot platform. For more information, see:
Once created, you can add one or more users as members from the group creation page. To add users individually, follow the steps below.
Note that users can see which groups they belong to from the Membership page, but they do not have permissions to make changes to those memberships.
Browse to the Users page, select the user, and in User Profile click Membership. The User Membership page shows the currently configured groups for this user.
Work with the page as follows:
|Join groups (1)||Click to open the Add User to Groups dialog and enter the group name(s).||Users can have membership in up to ten groups.|
|Select Groups||Saves group assignments.||When successful, the dialog closes and the list updates to show the user's group membership (2).|
Deactivate user accounts¶
You cannot delete a user account from DataRobot—this ensures that your company's data is not lost, regardless of employee movement. However, the admin can block a user's access to DataRobot while ensuring the data and projects they worked on remain intact.
From APP ADMIN > Manage Users, locate the user:
- To deactivate, click the padlock icon next to their name, changing it to locked .
- To restore access, click the padlock icon to open .
You can also change user account access from Users > User Profile by clicking Enable User or Disable User.
View latest user activity¶
From the User Profile, you can quickly access the most recent app usage activities for the user.
- Click Recent activity (near the bottom of the page) to see the last five app activities recorded for this user. Clicking the refresh link updates the list of activities):
- Click View Activity to see the user activity monitor showing all app activities recorded for this user.