Data Vault access roles determine the data that users can access in Data Discovery searches. Data Vault access roles also determine the data that users can access when they create and view custom reports. You can restrict data access at the entity level and at the archive or retirement project level.
Data Vault access roles also restrict which users can view and download files that contain exported search results. Users can only download the exported files if the user is assigned to the same access role as the entity. System-defined roles determine which files users can export to.
When you create a Data Vault access role, you specify the date that the role becomes valid and the date that the role expires. Access privileges expire with the role. Changes to the period of time that a role is valid are dynamic.
If you installed the Data Visualization component, Data Vault access roles determine the entities that users can access to create reports. To create and manage reports, users must have the same role assignment as the entities that contain the data that they want to include in the reports.
You can create multiple Data Vault access roles. The number of Data Vault access roles that you create depends on the type of security that you want to implement. For example, you might want to create one Data Vault access role for all entities within an application.