Security
The mpmX Databricks App implements a security model using access control lists (ACLs) to manage permissions for both the application itself and individual process scenarios. This ensures that users only have access to the data and functionality they need for their role.
Permission Levels
The app distinguishes between three distinct user personas, each with progressively reduced privileges:
Application Admins
Application Admins have the CAN MANAGE permission on the app itself. This is the highest privilege level and includes the following capabilities:
- Full Application Access: Can open and navigate the entire application
- Permission Management: Can modify permissions for other users and groups
- Scenario Management: Can create, edit, and delete any process scenario
- Data Access: Can read all computed mining models across all scenarios
- Configuration Control: Can modify app-wide settings and configurations
A default application admin group is assigned during the app installation process. This group is configured in the installation Notebook and can be modified later through the app settings.
Process Admins
Process Admins have the CAN MANAGE permission on specific process scenarios. This role provides scenario-level administrative capabilities:
- Application Access: Can open the application and navigate to their assigned scenarios
- Scenario Configuration: Can edit the process scenario, including all mining parameters and data source configurations
- Permission Management: Can modify permissions for their specific process scenarios
- Data Access: Can read the computed mining model for their assigned process scenarios
- Task Management: Can start, stop, and monitor mining tasks for their scenarios
Data Consumers
Data Consumers have the CAN USE permission on specific process scenarios. This is the most restricted role, designed for end users who need to analyze process data:
- No Application Access: Data Consumers cannot open or navigate the main application interface
- Data Access: Can read the computed mining model for their assigned process scenario
Permission Assignment
Permissions are managed through Databricks account groups, users and service principals and can be assigned at two levels:
- App-Level Permissions: Control access to the application itself
- Scenario-Level Permissions: Control access to specific process scenarios
To modify App-Level Permissions, navigate to the App Settings page where you can configure which principals have access to the application and individual scenarios.
To modify Scenario-Level Permissions, navigate to the Permissions page of the individual scenario where you can configure which principals have access to it.
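For an access review, the two permission levels described above can be resolved into one persona per user and scenario. The following is an added example, not code from the mpmX app: the ACL data structures, all group, user and scenario names, and the rule that the highest grant wins when several apply are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: every group, user and scenario name is hypothetical.
GROUPS = {"mpmx-admins": {"alice"}, "p2p-owners": {"bob", "carol"},
          "analysts": {"carol", "dave"}}
APP_ACL = [("mpmx-admins", "CAN MANAGE")]
SCENARIO_ACLS = {
    "purchase-to-pay": [("p2p-owners", "CAN MANAGE"), ("analysts", "CAN USE")],
    "order-to-cash": [("dave", "CAN USE"), ("sp-reporting", "CAN USE")],
}

# Personas from the page, ordered by privilege.
RANK = {"Data Consumer": 1, "Process Admin": 2, "Application Admin": 3}
SCENARIO_PERSONA = {"CAN USE": "Data Consumer", "CAN MANAGE": "Process Admin"}


def members(principal, groups):
    """Expand a group to its users; a user or service principal maps to itself."""
    return groups.get(principal, {principal})


def effective_personas(app_acl, scenario_acls, groups):
    """Return {user: {scenario: persona}} after expanding group grants."""
    app_admins = set()
    for principal, level in app_acl:
        if level == "CAN MANAGE":
            app_admins |= members(principal, groups)
    result = defaultdict(dict)
    for scenario, acl in scenario_acls.items():
        for user in app_admins:  # app-level CAN MANAGE covers every scenario
            result[user][scenario] = "Application Admin"
        for principal, level in acl:
            persona = SCENARIO_PERSONA[level]
            for user in members(principal, groups):
                current = result[user].get(scenario)
                # Assumption: the highest grant wins when several apply.
                if current is None or RANK[persona] > RANK[current]:
                    result[user][scenario] = persona
    return {user: dict(s) for user, s in result.items()}


def can_open_app(personas):
    """Per the page, only Data Consumers cannot open the application."""
    return any(p != "Data Consumer" for p in personas.values())


if __name__ == "__main__":
    report = effective_personas(APP_ACL, SCENARIO_ACLS, GROUPS)
    for user in sorted(report):
        print(user, report[user], "opens app:", can_open_app(report[user]))
```

In the sample data, carol belongs to both a CAN MANAGE group and a CAN USE group for the same scenario, which is the kind of overlapping grant a least-privilege review should surface.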