Permissions and permission sets
As of v922, Tonic now uses permissions and permission sets to manage access to Tonic features and functions.
A permission controls access to a single feature or function. A permission set is a saved collection of permissions.Tonic provides built-in global and workspace permission sets. You cannot change the configuration of built-in permission sets. Enterprise instances can create custom permission sets.
Global permission sets contain global permissions, which control access to actions outside the context of a specific workspace. The built-in Admin global permission set grants access to all global permissions. Users and groups configured in the TONIC_ADMINISTRATORS environment variable are granted the Admin (Environment) global permission set, which also grants access to all global permissions. These global permission sets replace the previous admin user concept.
The built-in General User global permission set is assigned to all Tonic users, and grants access to create workspaces. You can also designate a different global permission set to assign to all Tonic users.
Workspace permission sets are assigned in the context of a specific workspace. They provide access to workspace permissions, which are associated with workspace management functions. The built-in workspace permission sets (Manager, Editor, Viewer Auditor) mirror the previous workspace roles. Similar to the previous Owner role, the Manager workspace permission set is granted access to all workspace permissions. However, unlike the Owner role, the Manager workspace permission set can be assigned to any user or group. You use the workspace sharing function to assign workspace permission sets within a workspace.
Each workspace has a single owner. The user who creates the workspace is the initial owner. All owners are by default granted the Manager workspace permission set. You can also designate a different workspace permission set to assign to workspace owners. You use the transfer ownership function to select a different owner for a workspace.
On Tonic Settings view, the User Management tab is replaced by the Access Management tab. From the Access Management tab, you can:
- View and manage the list of Tonic users
- If you use SSO, view a list of SSO groups
- View, configure, and manage access to global permission sets
- View and configure workspace permission sets
API endpoint to track user access and permissions
A new API endpoint to track the following events related to user access and permissions:
- A user account is created.
- A user account is removed.
- A user logs in to Tonic.
- A permission is added to or removed from a permission set.
- A permission set is assigned to or removed from a user. This might be a global permission set, or a workspace permission set in the context of a specific workspace.
- A generator preset is updated.
The endpoint is:GET /api/audit-events/search
Other updates
You can now assign the Business Name generator as a sub-generator for the Regex Mask generator.
For subsetting, Graph View and the table details panel now display information about cycle breaks, when the subsetting process needs to break a circular dependency.
Databricks
- Fixed an issue that prevented the use of partition filters in Databricks Unity Catalog workspaces.
File connector
- When a file connector workspace is deleted, Tonic now deletes files that were uploaded from a local file system.
Spark
- Fixed an issue with data generation for workspaces that use Hive.
