Nitro Application User Management

To access Nitro quicker and more easily, admins can create a Nitro Application User that allows users to log in once to access all the Nitro applications, for example, Nitro Admin Console and Nitro databases (Redshift) for which they have permissions.

  • Admins can manage access to Nitro applications for a user by assigning it to an application role
  • Admins can create, enable, disable, edit, and view users in the NAC

The following application roles are available:

Role

Application

Scope

Description

System Admin

Nitro Admin Console

Cluster

Create and edit  connectors, jobs, schedules, file triggers, job orchestrations, and users.

Data Admin

Nitro Admin Console

Cluster

Create and edit connectors, jobs, schedules, file triggers, and job orchestrations. This role does not allow creating or editing users. 

Viewer

Nitro Admin Console

Cluster

View the connectors, jobs, schedules, file triggers, job orchestrations and users. 

Data Admin

Nitro Admin Console

Instance

Only applicable when the viewer role for the cluster is selected. User is a viewer but in the selected instances, they can also create and edit connectors, jobs, schedules, file triggers, and job orchestrations.

Data Admin

Nitro DB

Instance

Read all tables and execute SQL commands such as create, insert, update, and delete to all tables except tables under the ODS schema.

Data Viewer

Nitro DB

Instance

Read all tables.

BI Access

Nitro DB

Instance

Read tables under report current, report history, and DDS. 
FTP Access FTP Instance Access folders under a selected FTP instance.

Creating a Nitro Application User

To create a user:

  1. Log into the NAC.

  2. Select Application Users from the Users menu.

  3. Select New User.

  4. Enter the new user details.

  5. Add the required information to the Nitro Admin Console and Nitro DB tabs, depending on the type(s) of access desired.

  6. Select Save. A welcome email is sent to the new user.

Assigning Roles to Nitro Application Users

To assign an FTP role for instances to a user:

  1. Log into the NAC.

  2. Select Users > Application Users from the side menu.

  3. Select the application user you want to update.

  4. Select Edit.

  5. Set the FTP value to FTP Access for the instance you want to grant access to.

  6. Select Save. The user can now log into the SFTP server using their Nitro login credentials to access all folders under the selected instance.

Disabling a Nitro Application User

To disable a user:

This disables both NAC and FTP access for the specified user.

  1. Log into the NAC.

  2. Select Application Users from the Users menu.

  3. Select the User Name you want to disable.

  4. Select Edit.

  5. Deselect the Active check box.

    If the user has active job schedules or file triggers a warning message displays.

  6. Select Save.

Resetting Nitro Passwords

To reset your Nitro password:

  1. Select the Forgot Password link on the Nitro login page.

  2. Enter the user name associated with your Veeva Nitro account.

  3. Select Continue. A reset password email is sent to the email associated with your account.

  4. Select the Reset Password link in the email.

  5. Enter a new password and retype the password.

  6. Select Submit.

Assigning Roles to a Connector

Admins can assign a user role at the connector level on the Nitro Redshift Database, allowing admins more granular security on the data assets by restricting access to only users who require it.

To assign a connector role to a user:

  1. Log into the NAC.

  2. Select Application Users from the Users menu.

  3. Select Edit next to the user you want to assign a connector role to.

  4. Select the Nitro DB tab.

  5. Select the Connector Roles tab.

  6. Select a connector role for the user for the appropriate instance.

  7. Select Save.

Syncing Revoked IDP Users with NAC Users

Admins can sync deactivated users in a corporate IDP with their NAC users. This allows admins to easily sync user IDs with Nitro when a user is removed from their corporate IDP.

To sync deactivated Nitro users:

  1. Generate a Nitro API key.
  2. Submit the following request payload to the Nitro API from the corporate IDP with an email address parameter to deactivate the mapped Nitro application user.

For example:

Copy 
curl --location --request PUT ‘URL/api/v1/admin/users/deactivate' \
--header 'Authorization: [API key]’ \
--header 'Content-Type: application/json' --data-raw '{"email" : “john.smith@veeva.com”}’

Request Payload

{

"john.smith@veeva.com"

}

Response will return a user that was deactivated with a status code

Example Response

{

"responseStatus": "SUCCESS,

"data": [

{

"userName" : "john@veevaProd",

"tenant" : "veevaProd",

"status" : "inactive",

"RedshiftUser: "vcdw_john_smith"

}

]

}