What's New: Projects, Groups, and Sensitive Data Protection
We are excited to announce that the following features are now available:
- New Projects Feature
- Streamline User Management with Groups
- Protect Sensitive Data
- Updated Viewer Permissions
In addition to these features, the Jobs page has moved to the Admin Center and the Users page has new styling.
Want to stay up-to-date on new features and improvements?
You can subscribe to the What's New RSS feed (https://cloud.docs.tamr.com/changelog.rss) in any RSS reader.
New Projects Feature
Our new projects feature provides improved organization and access control for resources and objects in Tamr Cloud.
A project is a collection of data products and sources. If you are using Tamr Realtime, projects also include workflows and destinations. These resources cannot be shared across projects. For example, when configuring a data product, you can only add sources that have been added to the same project.
You may want to create separate projects for each business unit or project team using Tamr Cloud.
The following diagram illustrates tenant-level and project-level resources.
See About Projects for more information.
Project Roles
In addition to tenant roles and data product roles, the project feature adds a new level of user permissions: project roles.
Tenant admins can add projects and assign project roles to control access to a project and its resources.
The following table defines the actions that are allowed by each project role: Admin, Editor, and Viewer.
| Project Roles | |||
| Action | Admin | Editor | Viewer |
| Projects | |||
| Assign project roles | β | β | β |
| View all projects | β | β | β |
| Edit project metadata | β | β | β |
| Delete projects | β | β | β |
| Sources | |||
| Add sources | β | β | β |
| View all sources | β | β | β |
| Edit sources | β | β | β |
| Delete sources | β | β | β |
| Data Products | |||
| Add data products | β | β | β |
| All other data product actions | Determined by data product role. | ||
| Workflows | |||
| Add, view, and manage workflows | β | β | β |
| Destinations | |||
| Add, view, and manage destinations | β | β | β |
A userβs project role determines their default (inherited) data product roles for the data products that belong to that project.
| Project Role | Inherited Data Product Roles | |||
| Admin | Developer | Curator | Viewer | |
| Admin | β | β | β | β |
| Editor | β | β | β | β |
| Viewer | β | β | β | β |
| No role | β | β | β | β |
See Project Roles for more information.
About the Default Project
With the release of projects, all existing data products, sources, workflows, and destinations are now organized into the Default Project.
You cannot move data products, sources, and other resources out of this default project, but you can create new projects going forward.
Usersβ project roles are inherited from their current tenant role.
See About Projects for more information.
Streamline User Management with Groups
You can now organize Tamr Cloud users into groups.
You can:
- Assign tenant roles to groups instead of individual users.
- Share projects and data products with groups, assigning groups to specific roles in each project and data product.
Keep in mind that a user has the highest granted role on the tenant. For example, if the user is granted the Editor role on the Users page, and is assigned to a group with the Admin role, the user has Admin permissions on the tenant.
The user also has all granted data product and project roles, whether they are granted to the user individually or as a group. For example, if the user is individually granted Curator and Viewer roles for a data product, and belongs to a group that is granted Developer access to the data product, the user has Developer, Curator, and Viewer permission on the data product.
See Managing Groups for more information.
Protect Sensitive Data
In all data products, you can mark attributes as containing sensitive information. Tamr hides the data in these attributes from users with data product Viewer access. Users with other access will continue to see these values.
For example, you may want to mark birth date, national ID, mobile phone, or other fields as sensitive.
On the Configure Data Product page, you can mark any pre-defined or custom attribute as sensitive. Unlike other data product configuration changes, marking a field as sensitive takes effect immediately on the Browse Data and 360 View pages.
If your tenant is configured with Tamr RealTime, sensitive field values are replaced with βRestrictedβ on the Browse > Data pages and in 360 View pages for uses with only Viewer access.
For example, in the data product below, the phone and email attributes are marked as sensitive.
Browse Data page
360 View page
If your tenant is not configured with RealTime and a data product is configured with sensitive fields, users with only Viewer access cannot see the Browse > Data pages or 360 View pages for that data product.
See Protecting Sensitive Data for more information.
Updated Viewer Permissions
As part of the new feature to mark attributes with sensitive data, the Viewer role is now more restrictive.
Viewers have view access to ONLY the 360 View pages for the data products to which they have access. This change impacts all users currently assigned the Viewer tenant role and/or Viewer data product role.
See User Roles and Permissions for more information.