This guide covers how to manage identities and access control within the Pangolin UI.
Manage the lifecycle of human users in your tenant.
- Invite Users: Create accounts with a default role.
- Profile Details: View a user's role, home tenant, and recent activity.
- Revocation: Delete or deactivate users (Root/Admin only).
Pangolin uses a dynamic RBAC model to grant precise permissions.
The UI provides a dedicated Roles dashboard where you can:
- Define Roles: Create a "Data Scientist" or "Auditor" role.
- Assign Roles to Users: One user can hold multiple roles simultaneously.
When creating or editing a role, the UI provides a granular selector for:
- Action:
READ,WRITE,CREATE,DELETE,LIST,ALL(Full Access),MANAGE_DISCOVERY. - Scope Type:
System,Tenant,Catalog,Namespace,Table,View. - Target: The specific resource (e.g., the
financenamespace).
manage your session and programmatic access via JWT tokens.
From the Profile menu, users can:
- List Sessions: See all active web and API sessions.
- Revoke Tokens: Manually sign out other devices or rotate your current session.
Tenant Admins can view and revoke tokens for any user within their tenant to mitigate security incidents or during user offboarding.
Pangolin's UI seamlessly handles multiple authentication flows:
For local testing without an identity provider.
- Trigger: Set
PANGOLIN_NO_AUTH=trueandVITE_NO_AUTH=true. - Login: Use username
rootand passwordroot. - Behavior: Simulates a Root user session with full system access. Sessions persist across refreshes via local storage.
Username and Bcrypt-hashed password management for standard deployments.
One-click login with Google, GitHub, or Microsoft (configured in System Settings).