Skip to main content

Managing Users & Entitlements

This guide covers the full user lifecycle in the CloudQuant Data Liberator admin portal — from onboarding a new account to assigning and revoking dataset access.

Prerequisites

  • Super Admin role for creating users, editing details, assigning entitlements, and deactivating users
  • Admin or Super Admin role to add existing user accounts to the permissions system
Navigate to Users in the admin portal sidebar.

User Lifecycle

Creating a New User

Super Admins can create a brand-new account directly from the Users page.
1

Open Create User

Click Create User in the top-right of the Users page.
2

Enter account details

Fill in the required fields:
  • Username — unique login identifier
  • Email
  • First name and Last name
  • Company — select an existing company or type a new one
  • Password — minimum 8 characters; use the generate button for a secure password
3

Submit

Click Create. The platform account is created. Use Add Users (below) to enroll the account in the Liberator permissions system if it does not appear automatically.

Adding Users to Liberator

Before a user can receive dataset entitlements, their account must exist in the Liberator permissions system. Use Add Users to enroll accounts that are not yet active in Liberator.
1

Open Add Users

Click Add Users on the Users page.
2

Select from Available Users

The Available Users tab lists enabled accounts that are not yet in the permissions system. Use the column filters to search by name or email, select one or more users, then click Add.
3

Re-activate deactivated users (optional)

The Deactivated Users tab lists previously deactivated accounts. Select users and click Re-activate to restore their Liberator enrollment. You will still need to re-assign entitlements if they were removed during deactivation.
You can add multiple users in a single operation. Selected users appear as pills above the table for easy review before confirming.

Editing User Details

Super Admins can update profile information and platform roles from the Users table.
1

Open the edit dialog

In the Actions column, click the edit icon for the target user.
2

Update fields

Modify any of:
  • First name, last name, email, company
  • User RoleUser, Admin, or Super Admin (you can only assign roles at or below your own level)
  • Password — optionally set a temporary password (copied to clipboard on save)
3

Save

Click Save Changes.

Assigning Dataset Entitlements

Entitlements control which datasets a user can query. Super Admins manage entitlements through the Data Permissions dialog.
1

Open Data Permissions

In the Users table Actions column, click the data-permissions icon for the target user.
2

Select datasets and groups

The permissions table lists all datasets and dataset groups. Check the rows you want to grant:
  • Dataset rows grant access to a single dataset
  • Group rows grant access to every dataset in that dataset group
Selected items appear as pills above the table. Remove a pill to revoke that entitlement.
3

Save changes

Click Save Changes and confirm. Changes take effect immediately for the user’s next query.

Inherited (Locked) Datasets

If a user has connection-level entitlements, all datasets in that connection are automatically included. These datasets:
  • Appear with a lock icon in the permissions table
  • Show as (locked) on their selection pill
  • Cannot be individually deselected until the connection entitlement is removed
Connection entitlements are typically managed through connection-level permission settings rather than the per-user dataset table.

Viewing a User’s Access

Click the View action on any user to open a read-only summary of their connections, datasets, groups, and role. Super Admins also see a JSON tab with the raw permissions payload.

Removing Entitlements

To revoke dataset or group access:
  1. Open Data Permissions for the user.
  2. Deselect the dataset or group row in the table, or click the remove button on its pill.
  3. Click Save Changes.
Removing a dataset entitlement also removes any fine-grained permission rules attached to that dataset. See Fine-Grained Permissions for details.
Deselecting a dataset group removes the group entitlement but does not affect individually assigned datasets within that group unless you deselect those rows separately.

Deactivating Users

Deactivation removes a user from the active Liberator permissions system. The user account is disabled and the user’s permissions row is deleted on the backend.

Single User

1

Deactivate from the Users table

Click the delete icon in the Actions column, or open Data Permissions and click the trash icon in the modal header.
2

Confirm

Confirm the deactivation. The user moves to the Deactivated Users tab in the Add Users dialog.

Bulk Deactivation

Super Admins can deactivate multiple users at once:
  1. Select users using the checkboxes in the rightmost column.
  2. Click Deactivate Selected.
  3. Type DEACTIVATE to confirm.
You cannot deactivate your own account. Bulk deactivation requires Super Admin role.

Re-activating Users

  1. Click Add Users on the Users page.
  2. Switch to the Deactivated Users tab.
  3. Select the users to restore and click Re-activate.
  4. Re-assign any dataset entitlements and fine-grained rules that were removed during deactivation.

Verifying Entitlements (End User)

Users can confirm their access from Python: 
# Datasets the user is entitled to query
liberator.datasets(entitled=True)

# All datasets (including those without access)
liberator.datasets(entitled=False)
See Checking Dataset Access for schema and detail commands.

Common Tasks

TaskWhereRequired role
Create a new accountUsers → Create UserSuper Admin
Enroll an existing accountUsers → Add UsersAdmin or Super Admin
Grant dataset accessUsers → Data PermissionsSuper Admin
Revoke dataset accessUsers → Data Permissions → deselectSuper Admin
Change platform roleUsers → EditSuper Admin
Deactivate a userUsers → delete actionSuper Admin
Re-activate a userUsers → Add Users → Deactivated tabAdmin or Super Admin