Skip to content

Data Entitlements Quickstart

This page shows you how to create a group of users named dataScience, add users to that group, and entitle that group to query data from the database in the kxi-db package.

If necessary, follow the instructions referred to in the Downloading packages guide for details on how to download the kxi-db package.

Ensure you have met the prerequisites before using this quickstart.

Assuming you already have the kxi-db package deployed, do the following to configure entitlements

  1. Use the following command to create the dataScience group:

    kxi group create dataScience
    
  2. Assign groups to users:

    • For a new user you can add a group as part of the kxi user create command:

      kxi user create $USERNAME --password $PASSWORD --groups dataScience
      
      Replace the following variables with the appropriate values for your use case:

      • $USERNAME: Username to the assign group to.
      • $PASSWORD: Password for the new user.
    • For an existing user, you can use the kxi user assign-group command to assign a group:

      kxi user assign-groups $USERNAME --groups dataScience
      
      • $USERNAME: Username to the assign group to.

    Note

    Ensure the users you add to this group also have Viewer role because a user needs both role-based permissions and data entitlements for the kxi-db package to view data

  3. Entitle the dataScience group to query the data in the database:

    1. Start an interactive session for entitlement management by calling the kxi entitlement manage command:

      kxi entitlement manage
      
    2. The session lists entities that can be entitled. Use the tab or the up and down arrows to select the record with EntityType of assembly and Entity of kxi-db and press Enter.

    3. The session lists groups that can be entitled. Use the tab or the up and down arrows to select the dataScience group and press Enter.

    4. The session lists access levels that you can assign to groups. Use the up and down arrows to select Read and press the spacebar to select Read access and press Enter to save the changes.

      Note

      Package entitlements are the only entitlements type that enforces the different access levels. For data entitlements, you must ensure at least one of them is selected.

    5. The session displays a list of groups. The Access column is now set to R for the "dataScience" group.

    6. Press Ctrl+B to go back to the list of entities.

    7. Press Q to exit the interactive session.

    1. Find the Group ID provided by Keycloak for the new "dataScience" group.

      To do this, call the kxi entitlement actors command:

      kxi entitlement actors
      
      [
          {
              "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
              "name": "dataScience",
              "path": "/dataScience"
          },
      ]
      
    2. Store the group ID defined in the id field to a variable called $GROUPID.

    3. Find the entitlement for the kxi-db package using kxi entitlement list.

      kxi entitlement list
      
      [
      {
          "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
          "internalId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
          "entity": "kxi-db",
          "entityType": "assembly",
          "owner": {
              "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
              "username": "ownername"
          },
          "groups": [],
          "users": []
      },
      ]
      
    4. Store the entitlement ID defined in the "id" field to a variable called $ID.

    5. Choose an access level and store it in a variable called $ACCESS. The access levels available are defined here.

      Note

      The package entitlements is the only entitlements type that enforces the different access levels. For data entitlements you just need to make sure at least one of them is selected.

    6. Add the group to the query entitlements for the kxi-db package.

      kxi entitlement assign-groups $ID assembly $GROUPID:$ACCESS
      

Refer to Change synchronization for details about the time kdb Insights Enterprise takes to action any updates

Refer to the kdb Insights CLI documentation for full details on the kxi entitlement command and Entitlements fields for an explanation of the fields returned by the commands executed above.

Next steps