> For the complete documentation index, see [llms.txt](https://v2.dataos.info/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://v2.dataos.info/operate/governance/adminstration.md).

# Administration

DataOS separates administration into two scopes: Instance and Tenant. Each scope has a designated role responsible for its boundary.

## Platform structure

```mermaid
graph TD
    A[DataOS Instance] --> B[Tenant A]
    A --> C[Tenant B]
    A --> D[Tenant N...]

    B --> B1[Data Products]
    B --> B2[Resources]
    B --> B3[Users & Roles]

    C --> C1[Data Products]
    C --> C2[Resources]
    C --> C3[Users & Roles]

    class A platform
    class B,C,D tenant
    class B1,B2,B3,C1,C2,C3 capability

    classDef platform fill:#334155,stroke:#1e293b,color:#ffffff,stroke-width:1.5px
    classDef tenant fill:#dbeafe,stroke:#3b82f6,color:#1e3a8a,stroke-width:1.3px
    classDef capability fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px

    linkStyle default stroke:#94a3b8,stroke-width:1.4px
```

* **Instance** -- shared deployment boundary for the entire DataOS platform.
* **Tenant** -- isolated domain inside an instance where teams independently create and govern data products.

***

## Two admin roles

```mermaid
graph LR
    subgraph IS["Instance Scope"]
        OP[Operator]
    end

    subgraph TS["Tenant Scope"]
        TA[Tenant Admin]
    end

    OP -->|"creates tenant, delegates"| TA

    class OP,TA role

    classDef role fill:#dbeafe,stroke:#3b82f6,color:#1e3a8a,stroke-width:1.3px

    style IS fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px,stroke-dasharray:4 3
    style TS fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px,stroke-dasharray:4 3

    linkStyle default stroke:#94a3b8,stroke-width:1.4px,color:#475569
```

|                        | Operator                            | Tenant Admin                        |
| ---------------------- | ----------------------------------- | ----------------------------------- |
| **Scope**              | DataOS instance                     | Single tenant                       |
| **Privilege**          | Highest at instance level           | Highest within a tenant             |
| **Access inheritance** | Does NOT auto-inherit tenant access | Does NOT have instance-level access |
| **Assigned by**        | Organization                        | DataOS administrator (Operator)     |
| **Interfaces**         | CLI, Instance Admin app             | CLI, Tenant Admin app               |

***

## Operator responsibilities

```mermaid
flowchart LR
    subgraph P1["1. Intake"]
        R[Receive access request]
    end

    subgraph P2["2. Tenant decision"]
        E{New tenant needed?}
        T[Create Tenant]
        AU[Add users to existing tenant]
    end

    subgraph P3["3. Platform provisioning"]
        DP[Connect Dataplane]
        CO[Create Compute]
    end

    subgraph P4["4. Access & delegation"]
        INV[Invite users with roles]
        DEL{Delegate admin?}
        TA[Assign Tenant Admin role]
    end

    subgraph P5["5. Operating model"]
        TD[Tenant Admin manages tenant]
        OM[Operator manages directly]
        DONE([Access ready])
    end

    R --> E

    E -->|Yes| T
    T --> DP
    DP --> CO
    CO --> INV
    INV --> DEL

    DEL -->|Yes| TA
    TA --> TD
    TD --> DONE

    DEL -->|No| OM
    E -->|No| AU
    AU --> OM
    OM --> DONE

    class R,T,AU,DP,CO,INV,TA action
    class E,DEL decision
    class TD,OM outcome
    class DONE complete

    classDef action fill:#dbeafe,stroke:#3b82f6,color:#1e3a8a,stroke-width:1.3px
    classDef decision fill:#e2e8f0,stroke:#94a3b8,color:#334155,stroke-width:1.4px
    classDef outcome fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1.2px
    classDef complete fill:#ecfdf5,stroke:#86efac,color:#166534,stroke-width:1.4px

    style P1 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style P2 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style P3 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style P4 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style P5 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px

    linkStyle default stroke:#94a3b8,stroke-width:1.4px,color:#475569
```

{% stepper %}
{% step %}

### Identity and access

* Authentication via **federated identity provider** (SSO).
* DataOS consumes the identity signal; it does not replace the identity provider.
* **Recommended:** Map identity provider groups to DataOS roles so SSO assigns permissions automatically.
* Two areas:
  * **Identity management** -- connect org identity provider to instance.
  * **Access management** -- assign roles/permissions per user.
    {% endstep %}

{% step %}

### Tenant creation

* Only an **Operator** can create tenants.
* Interfaces: **CLI** or **Instance Admin** app (recommended).
* Instance Admin path:
  1. Open DataOS instance UI.
  2. Open profile menu > Instance Admin.
  3. Click **Create new tenant**.
  4. Enter tenant title.
  5. Enter tenant description.
* Title and description can be updated later, but **stable naming is recommended**.
* Before creating: decide if the request needs a new tenant or fits in an existing one.
  {% endstep %}

{% step %}

### Tenant setup

Tenant is **not ready for use** until both steps complete:

#### a. Dataplane Connection

* A **dataplane** is a split DataOS deployment hosted in the customer's **VPC**.
* Data interactions stay in the customer environment (security, compliance, control).
* In Instance Admin > select dataplane > add description.
* Dataplane resource must already exist before attachment.

#### b. Compute Creation

* **Compute** maps to **node pools** provisioned in the dataplane.
* In Instance Admin > Compute section > **Create compute**.
* Requires **node pool selector** and infrastructure details.
* Interfaces: CLI or Instance Admin app.
  {% endstep %}

{% step %}

### Tenant invitation

* Operator invites users with a **pre-assigned tenant role**.
* If user not found via search, enter email to send invite.
* Invited user gets email with acceptance link.
* After acceptance, user gets the **tenant base role**.
  {% endstep %}

{% step %}

### Secret management

* Credentials stored as **secret** resources in DataOS.
* Operators create secrets when they hold the credential material.
* Users can create secrets when policy allows.
* **CLI only** -- no other interface for secret management.
  {% endstep %}

{% step %}

### Data source connectivity

* Connections to external systems (Snowflake, Databricks, Redshift, etc.) via **depot** resource.
* **CLI only** for depot creation and management.
* Users with sufficient access and connection details can create depots without operator handoff.
  {% endstep %}

{% step %}

### Operations monitoring

* **Operations App** -- web interface for monitoring all instance workloads.
* Shows user-created and system workloads.
* Exposes logs and orchestration details per workload.
* Workflow: diagnose via Operations App > refer to runbooks > escalate to SRE if needed.
  {% endstep %}
  {% endstepper %}

***

## Tenant Admin responsibilities

```mermaid
flowchart LR
    TA[Tenant Admin]

    subgraph G1["Access Management"]
        AM[Manage tenant access]
        AM1[Find users on instance]
        AM2[Assign tenant-based roles]
        AM --> AM1
        AM --> AM2
    end

    subgraph G2["Resource Management"]
        RM[Govern resources]
        RM1[Manage orphaned resources]
        RM2[Grant access when owner unavailable]
        RM --> RM1
        RM --> RM2
    end

    subgraph G3["Resource Creation"]
        RC[Create tenant resources]
        RC1[Create Secrets]
        RC2[Create Depots]
        RC --> RC1
        RC --> RC2
    end

    TA --> AM
    TA --> RM
    TA --> RC

    class TA admin
    class AM,RM,RC capability
    class AM1,AM2,RM1,RM2,RC1,RC2 detail

    classDef admin fill:#334155,stroke:#1e293b,color:#ffffff,stroke-width:1.5px
    classDef capability fill:#dbeafe,stroke:#3b82f6,color:#1e3a8a,stroke-width:1.3px
    classDef detail fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1.1px

    style G1 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style G2 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px
    style G3 fill:#f8fafc,stroke:#cbd5e1,color:#334155,stroke-width:1px

    linkStyle default stroke:#94a3b8,stroke-width:1.4px,color:#475569
```

{% stepper %}
{% step %}

### Access management

* Use the **Tenant Admin** app in DataOS UI.
* Find users on the DataOS instance and assign **tenant-level roles**.
* No instance-level intervention needed for tenant access requests.
  {% endstep %}

{% step %}

### Resource management

* Default behavior: users **cannot** update/delete/manage resources created by another user.
* Tenant admin **can** manage any resource in the tenant.
* Covers: granting access when owner is unavailable, deleting/updating abandoned resources (e.g., Depots).
  {% endstep %}

{% step %}

### Resource creation

* Tenant admin can create resources like any developer.
* Commonly creates **Secrets** and **Depots** that require credentials or sensitive config not available to standard developers.
* Can create new **compute** in the tenant or coordinate with Operators for instance-level compute.
  {% endstep %}
  {% endstepper %}

***

## Instance vs. Tenant decision

| Requirement                                         | Recommended Model             |
| --------------------------------------------------- | ----------------------------- |
| Proof of concept or focused data initiative         | Tenant                        |
| Strict infrastructure isolation                     | Separate instance             |
| Cross-department or external participants           | Separate instance             |
| Full upgrade and maintenance control                | Separate instance             |
| Cost efficiency via shared infrastructure           | Tenant                        |
| Predictable workloads, low neighbor impact          | Tenant                        |
| Dedicated execution without full instance isolation | Tenant with dedicated compute |

***

## Interfaces summary

| Action                        | CLI | Instance Admin App | Tenant Admin App |
| ----------------------------- | --- | ------------------ | ---------------- |
| Tenant creation/management    | Yes | Yes                | --               |
| Dataplane connection          | --  | Yes                | --               |
| Compute creation              | Yes | Yes                | --               |
| User invitation               | --  | Yes                | --               |
| Secret management             | Yes | --                 | --               |
| Depot management              | Yes | --                 | --               |
| Tenant user access management | --  | --                 | Yes              |
| Operations monitoring         | --  | Operations App     | --               |

***


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://v2.dataos.info/operate/governance/adminstration.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
