Skip to content

How to govern an Instance Secret?

After an Instance Secret is created, a DataOS Operator can control and manage access to it.

To access an Instance Secret a user must have the following tag assigned:

  • roles:id:data-dev

Alternatively, a user must have the following use case assigned:

  • Manage All Instance-level Resources of DataOS in user layer

How to manage read-only or read-write access?

An operator can define users' access level when creating Instance Secrets by setting different ACL levels. To grant read-only access, the operator creates an Instance Secret with acl: r, while for both read and write access, they create one with acl: r and another with acl: rw.

How to assign a tag to a user?

Follow the below steps to assign a tag to a user:

  1. Go to the Bifrost app.

    Bifrost Governance
    DataOS Home

  2. Search for the user you want to assign the tag to.

    Bifrost Governance
    Bifrost Governance

  3. In the "tags" section, click "Add Role" and choose the tag you want to assign to the user. In this case, select "Data Dev - roles🆔data-dev".

    Bifrost Governance
    Bifrost Governance

How to assign a use case to a user?

Follow the below steps to assign a use case to a user:

  1. Go to the Bifrost app.

    Bifrost Governance
    DataOS Home

  2. Search for the user you want to assign the tag to.

    Bifrost Governance
    Bifrost Governance

  3. In the "Grants" section, click "Grant Use-case" and select the use-case you want to assign to the user.

    Bifrost Governance
    Bifrost Governance

Was this page helpful?