Group workflows

The HERE platform allows you to work in teams using groups. Organization and group admins can create and manage groups, add or remove apps, and add or remove users to or from a group.

The platform uses groups to manage pipeline access to layers. Apps can only write to output layers if they are part of an authorized group. For more information, see the Identity & Access Management Guide.

The OLP CLI provides tools for managing groups, such as:

Create a new group
Add an app to a group
Add an admin user to a group
Grant group permissions for a catalog
Revoke group permissions for a catalog
Delete a group

For more details, see group commands.

Create a new group

Follow the steps below to create a new group.

Enter the olp group create command.

    olp group create olpcli-test-group-workflow

To verify the group is available, enter the olp group list command.

    olp group list olpcli-test-group-workflow

The command displays the following results.

    Available groups:

    ID                                              name
    GROUP-221718b7-926f-4a9c-940c-6a4a221002ff      olpcli-test-group-workflow

Add an app to a group

Follow the steps below to add an app to a group.

Take an app id from credentials.properties file.

    ...
    here.client.id = N5Rwwo7vCbKZ5LkNeJfO
    ...

For information on how to obtain your access credentials, see the Credentials setup chapter.

Enter the olp group member add command.

    olp group member add GROUP-221718b7-926f-4a9c-940c-6a4a221002ff \
     --app N5Rwwo7vCbKZ5LkNeJfO

    olp group member add GROUP-221718b7-926f-4a9c-940c-6a4a221002ff ^
    --app N5Rwwo7vCbKZ5LkNeJfO

To verify the app is added, enter the olp group member list command.

    olp group member list GROUP-221718b7-926f-4a9c-940c-6a4a221002ff

The command displays the following results.

Available group members:

    type           HRN                                                                            ID                                         name
    app            hrn:here:account::org:app/N5Rwwo7vCbKZ5LkNeJfO                       N5Rwwo7vCbKZ5LkNeJfO                       olp-cli-app

Make a user a group admin

Follow the steps below to make a user a group admin.

Take a user id from credentials.properties file.

    ...
    here.user.id = HERE-3c30a9c3-e75d-4c54-ad5c-eac9b3809608
    ...

For information on how to obtain your access credentials, see the Credentials setup chapter.

Enter the olp group admin add command.

    olp group admin add GROUP-221718b7-926f-4a9c-940c-6a4a221002ff \
     --user HERE-3c30a9c3-e75d-4c54-ad5c-eac9b3809608

    olp group admin add GROUP-221718b7-926f-4a9c-940c-6a4a221002ff ^
    --user HERE-3c30a9c3-e75d-4c54-ad5c-eac9b3809608

To verify the user is an admin, enter the olp group admin list command.

    olp group admin list GROUP-221718b7-926f-4a9c-940c-6a4a221002ff

The command displays the following results.

type           HRN                                                                            ID                                         name
    user           hrn:here:account::org:user/HERE-3c30a9c3-e75d-4c54-ad5c-eac9b3809608 HERE-3c30a9c3-e75d-4c54-ad5c-eac9b3809608  John Doe

Grant group permission for a catalog

Use your own pre-created catalog. For more information on creating catalogs, see the olp catalog create command.

To share a catalog with a specific group, enter the olp catalog permission grant command.

olp catalog permission grant hrn:here:data::org:olpclitestcatalog \
 --group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff --read --write

olp catalog permission grant hrn:here:data::org:olpclitestcatalog ^
--group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff --read --write

The command displays the following results.

Granted access for a group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff to catalog hrn:here:data::org:olpclitestcatalog

Revoke group permission for a catalog

To remove catalog access from a group, enter the olp catalog permission revoke command.

olp catalog permission revoke hrn:here:data::org:olpclitestcatalog \
 --group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff

olp catalog permission revoke hrn:here:data::org:olpclitestcatalog ^
--group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff

This command displays the following results.

Revoked access for group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff to catalog hrn:here:data::org:olpclitestcatalog

Delete a group

Enter the olp group delete command and specify the group ID.

olp group delete GROUP-221718b7-926f-4a9c-940c-6a4a221002ff

The command displays the following results.

Group GROUP-221718b7-926f-4a9c-940c-6a4a221002ff has been deleted

To get a full list of available commands, enter olp --help.

Updated 22 days ago