Launching August 6: Projects, Groups, and Sensitive Data Protection
We are excited to announce that the following features will be released on August 6:
- New Projects Feature
- Streamline User Management with Groups
- Protect Sensitive Data
- Updated Viewer Permissions
In addition to these features, the Jobs page is moving to the Admin Center and you'll see new styling on the Users page.
Want to stay up-to-date on new features and improvements?
You can subscribe to the What's New RSS feed (https://cloud.docs.tamr.com/changelog.rss) in any RSS reader.
New Projects Feature
Our new projects feature will provide improved organization and access control for resources and objects in Tamr Cloud.
A project is a collection of data products and sources. If you are using Tamr Realtime, projects also include workflows and destinations. These resources cannot be shared across projects. For example, when configuring a data product, you can only add sources that have been added to the same project.
You may want to create separate projects for each business unit or project team using Tamr Cloud.
The following diagram illustrates tenant-level and project-level resources.
Project Roles
In addition to tenant roles and data product roles, the project feature will add a new level of user permissions: project roles.
Tenant admins will be able to add projects and assign project roles to control access to a project and its resources.
The following table defines the actions that will be allowed by each project role: Admin, Editor, and Viewer.
| Project Roles | |||
| Action | Admin | Editor | Viewer |
| Projects | |||
| Assign project roles | β | β | β |
| View all projects | β | β | β |
| Edit project metadata | β | β | β |
| Delete projects | β | β | β |
| Sources | |||
| Add sources | β | β | β |
| View all sources | β | β | β |
| Edit sources | β | β | β |
| Delete sources | β | β | β |
| Data Products | |||
| Add data products | β | β | β |
| All other data product actions | Determined by data product role. | ||
| Workflows | |||
| Add, view, and manage workflows | β | β | β |
| Destinations | |||
| Add, view, and manage destinations | β | β | β |
A userβs project role will determine their default (inherited) data product roles for the data products that belong to that project.
| Project Role | Inherited Data Product Roles | |||
| Admin | Developer | Curator | Viewer | |
| Admin | β | β | β | β |
| Editor | β | β | β | β |
| Viewer | β | β | β | β |
| No role | β | β | β | β |
About the Default Project
When projects is released, all existing data products, sources, workflows, and destinations will be organized into the Default Project.
You will not be able to move data products, sources, and other resources out of this default project, but you will be able to create new projects going forward.
Usersβ project roles will be inherited from their current tenant role.
Streamline User Management with Groups
You will soon be able to organize Tamr Cloud users into groups.
You will be able to:
- Assign tenant roles to groups instead of individual users.
- Share projects and data products with groups, assigning groups to specific roles in each project and data product.
Keep in mind that a user will have the highest granted role on the tenant. For example, if the user is granted the Editor role on the Users page, and is assigned to a group with the Admin role, the user will have Admin permissions on the tenant.
The user will also have all granted data product and project roles, whether they are granted to the user individually or as a group. For example, if the user is individually granted Curator and Viewer roles for a data product, and belongs to a group that is granted Developer access to the data product, the user will have Developer, Curator, and Viewer permission on the data product.
Protect Sensitive Data
In all data products, you will be able to mark attributes as containing sensitive information. Tamr will hide the data in these attributes from users with data product Viewer access. Users with other access will continue to see these values.
For example, you may want to mark birth date, national ID, mobile phone, or other fields as sensitive.
On the Configure Data Product page, you will be able to mark any pre-defined or custom attribute as sensitive. Unlike other data product configure changes, marking a field as sensitive will take effect immediately on the Browse Data and 360 View pages.
If your tenant is configured with Tamr RealTime, sensitive field values will be replaced with βRestrictedβ on the Browse > Data pages and in 360 View pages for uses with only Viewer access.
For example, in the data product below, the phone and email attributes are marked as sensitive.
Browse Data page
360 View page
If your tenant is not configured with RealTime and a data product is configured with sensitive fields, users with only Viewer access will not be able to see the Browse > Data pages or 360 View pages for that data product.
Updated Viewer Permissions
As part of the new feature to mark attributes with sensitive data, the Viewer role is becoming more restrictive.
Viewers will have view access to ONLY the 360 View pages for the data products to which they have access. This change will impact all users currently assigned the Viewer tenant role and/or Viewer data product role.