Table of Contents

Search

  1. Preface
  2. User administration
  3. Ecosystem single sign-on
  4. SAML single sign-on
  5. Users
  6. User groups
  7. User roles
  8. User configuration examples
  9. Editing your user profile

User Administration

User Administration

Cross-service roles

Cross-service roles

Cross-service roles are system-defined roles that define access privileges across multiple services.
The following table describes the cross-service roles:
Cross-service role
Provides access to...
Description
Admin
All services
Role for organization administrators. Provides full access to all licensed services with the following exceptions:
  • Doesn't provide privileges to enable or disable the use of customer managed encryption keys for the organization. To provide these privileges, assign the user both the Admin and Key Admin roles.
  • Doesn't provide full access to all MDM services. For example, doesn't allow the user to access the workflow inbox or create hierarchies in MDM business services. To provide full access to MDM services, assign the user an appropriate MDM service-specific role.
Best practice is to assign the Admin role to one or two trusted users and assign the users to an administrative user group that has full permissions on all asset types. These users can act as alternative organization administrators and can help troubleshoot access control and other organization security issues.
Data Integration
Data Previewer

    Data Integration

    Data Profiling

    Data Quality

    Data Validation

Supplemental role that allows designers to preview data while creating mappings, tasks, profiles, and test cases. Allows users to perform the following tasks:
  • Preview data in a mapping or task in
    Data Integration
    .
  • Preview data on a data quality transformation in a mapping in
    Data Integration
    .
  • View source object data for profiles and profile results in
    Data Profiling
    .
  • Preview data while creating test cases in
    Data Validation
    .
This is a supplemental role. Assign this role with another role, such as the Designer role, to ensure that users can access
Data Integration
,
Data Profiling
, and
Data Validation
.
Data Integration
Task Executor

    Data Integration

    Data Access Management

Role for running tasks and taskflows and executing data access policies. Allows users to perform the following tasks:
  • View assets and asset details in
    Data Integration
    .
  • Run tasks and taskflows and test-run mappings in
    Data Integration
    .
  • View user's own data integration jobs and job details in
    Data Integration
    .
  • Start and stop user's own jobs in
    Data Integration
    .
  • Download session logs in
    Data Integration
    .
  • Execute data access policies in
    Data Integration
    .
  • Access
    Data Access Management
    .
  • View data access policies in
    Data Access Management
    .
Deployer

    API Center

    Application Integration

    Application Integration Console

    Data Quality

    Mass Ingestion

    Data Validation

Role for users that deploy assets and processes. Allows users to perform the following tasks:
  • View and deploy assets, assign policies, manage organization settings, and add OAuth 2.0 clients in
    API Center
    when assigned with the Service Consumer role.
  • View asset details in
    Application Integration
    .
  • Deploy assets, view settings, and upload and deploy Process Developer-generated orchestration artifacts (BPRs) in
    Application Integration Console
    .
  • View asset details except dictionary data in
    Data Quality
    .
  • View application ingestion, database ingestion, and streaming ingestion tasks in
    Mass Ingestion
    .
  • View test cases, test suites, and reports in
    Data Validation
    .
  • Run test cases and test suites in
    Data Validation
    .
Designer

    Administrator

    API Center

    Application Integration

    Application Integration Console

    B2B Gateway

    Data Integration

    Data Profiling

    Data Quality

    Integration Hub

    Mass Ingestion

    Model Serve

    Monitor

    Data Validation

Role for users that create assets, tasks, and processes. Allows users to perform the following tasks:
  • Create assets, tasks, and processes.
  • Configure connections, schedules, and runtime environments.
  • Monitor jobs and advanced clusters, except in Mass Ingestion.
  • View, create, and edit test cases and test suites in
    Data Validation
    .
Provides full access to
Application Integration
,
B2B Gateway
,
Data Integration
,
Data Profiling
,
Data Quality
, and
Monitor
.
Provides full access to
API Center
when the Service Consumer role is also assigned.
Provides partial access to
Administrator
,
API Center
,
Application Integration Console
, Integration Hub,
Mass Ingestion
,
Model Serve
, and
Data Validation
.
Monitor

    Administrator

    API Center

    Application Integration

    Application Integration Console

    B2B Gateway

    Data Integration

    Data Profiling

    Data Quality

    Integration Hub

    Mass Ingestion

    Model Serve

    Monitor

Role for users that monitor jobs. Allows users to perform the following tasks:
  • Monitor
    API Center
    assets,
    Data Integration
    jobs,
    Data Quality
    assets, Integration Hub assets,
    Mass Ingestion
    jobs,
    Model Serve
    assets, and
    Application Integration
    process instances.
  • View schedules and upgrade settings for Secure Agent services in
    Administrator
    .
  • Start and stop file servers, configure proxy servers, and view file server settings in
    Administrator
    .
  • View asset details in
    Application Integration
    ,
    B2B Gateway
    ,
    Data Integration
    ,
    Data Profiling
    , Integration Hub, and
    Model Serve
    .
  • View settings in
    Application Integration Console
    .
  • View asset details except dictionary data in
    Data Quality
    .
  • View API invocation logs in
    API Center
    .
  • View application ingestion, database ingestion, and streaming ingestion jobs and job details in
    Mass Ingestion
    .
  • View data integration and job details in
    Monitor
    .
Operator

    Application Integration

    Application Integration Console

    Data Profiling

    Data Quality

    Model Serve

    Operational Insights

Role for users that manage processes. Allows users to perform the following tasks:
  • View asset details in
    Application Integration
    ,
    Data Profiling
    , and
    Model Serve
    .
  • Manage process instances and modify some operational server parameters in
    Application Integration
    .
  • View and edit Process Server settings and some Cloud Server settings in
    Application Integration Console
    .
  • View asset details except dictionary data in
    Data Quality
    .
  • View cloud and domain infrastructure and Secure Agent alert settings in
    Operational Insights
    .
Service Consumer

    Administrator

    API Portal

    Application Integration

    Data Integration

    Data Quality

Role for users that run tasks and processes. Allows users to perform the following tasks:
  • View schedules, Swagger files, and upgrade settings for Secure Agent services, start and stop file servers, configure proxy servers, and view other file server settings in
    Administrator
    .
  • Open
    API Portal
    .
  • Invoke processes in
    Application Integration
    .
  • View tasks, run tasks, test-run mappings, run taskflows, and download workflow XML in
    Data Integration
    .
  • View asset details except dictionary data in
    Data Quality
    .
Provides full access to
API Portal
.

0 COMMENTS

We’d like to hear from you!