Data Admin¶

Data Admin is a special permission that allows users to override fine-grained access controls like Row-Level Security (RLS) and column-level masking policies. This permission is typically granted to service users or users who need to update data in the underlying tables or create views on the tables.

Here are the reasons why you might want to use Data Admin:

1. You have ETL jobs that need to create and update data in the tables. These jobs usually run as service users and require the Data Admin privilege.
2. You have users who own the underlying data and need to update the data in the tables.
3. You want users who need to create views on the table.

Behavior of Data Admin¶

The behavior of Data Admin in PolicySync Connector and Plugins is slightly different. Given below are the details of the behavior of Data Admin in both cases.

PolicySync Connector¶

Here is the behavior of Data Admin in the data platforms when using PolicySync Connector:

Privacera Permission	Select	Insert/Update/Delete	Show Tables	Describe/Show Create Table	Create View
Data Admin (Only)	Yes	No	Yes	No	No
Data Admin + Select	Yes	No	Yes	No	No
Data Admin + Read	Yes	No	Yes	Yes	Yes
Data Admin + Update	Yes	Yes	Yes	Yes	No

Plugins¶

Here is the behavior of Data Admin in the data platforms when using Privacera plugins:

Privacera Permission	Select	Insert/Update/Delete	Show Tables	Describe/Show Create Table	Create View
Data Admin (Only)	No	No	Yes	Yes	No
Data Admin + Select	Yes	No	Yes	Yes	Yes
Data Admin + Read	Yes	No	Yes	Yes	Yes
Data Admin + Update	No	Yes	Yes	Yes	No

Comments