Portal User Roles in Privacera
Portal users in Privacera are assigned specific roles, each granting defined permissions. The following table provides details about the available roles and their associated permissions:
Category | Role | Description |
---|---|---|
PORTAL | ROLE_SYS_ADMIN | Provides access to all functionality and acts as a super user for the portal. |
PORTAL | ROLE_ADMIN | Privileged access to manage portal resources, configurations, and user operations. |
PORTAL | ROLE_USER | Authorized to create/view their policies and manage tokens for the Privacera Portal. |
PORTAL | ROLE_ANONYMOUS | Has no permissions by default and is explicitly denied access to all functionality. |
PORTAL | ROLE_DATASERVER_ADMIN | Provides mixed permissions across data server management, cloud operations, discovery applications, and read access to portal users. |
PORTAL | ROLE_ACCESS_APPROVER | Provides access to the Access Management menu to approve or manage access requests. |
PORTAL | ROLE_READ_ONLY | Provides read-only access to the portal, allowing users to view information without making any changes or modifications. |
PORTAL | ROLE_KEY_ADMIN | Manages keys and permissions in Ranger, including configuring policies and ensuring encryption validation. |
PORTAL | ROLE_POLICY_AUDITOR | Authorized to review audit information but cannot directly access data. |
DISCOVERY | ROLE_DISCOVERY_ALL | Full permissions for discovery operations, scanning, and reporting. |
DISCOVERY | ROLE_DISCOVERY_STEWARDS | Full permissions for the Discovery module, except for Delete functionality. |
DISCOVERY | ROLE_DISCOVERY_GOVERNANCE | Allows read-only access for discovery operations and reports. |
DISCOVERY | ROLE_DISCOVERY_READ | Authorized for read-only access to discovery data and reports. |
DISCOVERY | ROLE_DISCOVERY_READ_RESTRICTED | Allows viewing the Discovery module with sample values of classifications. |
DISCOVERY | ROLE_DISCOVERY_SCAN | Full permissions to manage Data Zone, Data Sources, Tags, and Scan Status. Read-only access for Classification, Alerts, and Reviews. |
ENCRYPTION | ROLE_ENCRYPTION_ALL | Manages all encryption and masking operations. |
ENCRYPTION | ROLE_ENCRYPTION_READ | Allows viewing and exporting encryption schemes. |
MONITORING | ROLE_MONITORING_ALL | Full access to monitoring activities and metrics in Discovery. |
MONITORING | ROLE_MONITORING_READ | Read-only access to monitoring dashboards and metrics within Discovery. |
CLOUD | ROLE_CLOUD_ADMIN | Allows managing cloud resources in the Explorer. |
EXPLORER | ROLE_EXPLORER_ALL | Full permissions to view, create, update, and delete resources in the File Explorer. |
EXPLORER | ROLE_EXPLORER_METADATA | Permissions to manage and update metadata associated with resources in the File Explorer. |
EXPLORER | ROLE_EXPLORER_WRITE | Permissions to upload files, create folders, and modify resources in the File Explorer. |
EXPLORER | ROLE_EXPLORER_READ | Read-only permissions to browse and view resources in the File Explorer. |
EXPLORER | ROLE_EXPLORER_DELETE | Permissions to delete files, folders, or resources in the File Explorer. |
Additional Information
- Portal Users vs. Data Access Users: Portal users differ from data access users, who consume information from data repositories. Data access users are managed separately in the "Users, Groups, and Roles" section.
- Account Admin: Each Privacera account is initialized with a single ROLE_ACCOUNT_ADMIN user, who can create additional portal users and assign appropriate roles.
In PrivaceraCloud, roles are categorized based on their specific functions. Each role defines a set of permissions that determine the user’s capabilities within the Privacera Portal. Below are the categorized roles, along with their descriptions and associated permissions:
Category | Role | Description |
---|---|---|
ADMIN | ROLE_ACCOUNT_ADMIN | Holds primary administrative access to the account, functioning as a super user. |
ACCESS | ROLE_POLICY_ADMIN | Privileged access to manage resources, policies, and account statistics. |
ACCESS | ROLE_POLICY_AUDITOR | Authorized to review audit information but cannot directly access data. |
ACCESS | ROLE_USER | Authorized to create/view their policies and manage tokens for encryption and credential access. |
DISCOVERY | ROLE_DISCOVERY_ALL | Full permissions for discovery operations, scanning, and reporting. |
DISCOVERY | ROLE_DISCOVERY_STEWARDS | Performs all discovery-related tasks except deletions. |
DISCOVERY | ROLE_DISCOVERY_GOVERNANCE | Allows read-only access for discovery operations and reports. |
DISCOVERY | ROLE_DISCOVERY_READ | Authorized for read-only access to discovery data and reports. |
DISCOVERY | ROLE_DISCOVERY_READ_RESTRICTED | Allows viewing discovery data without sample values of classifications. |
ENCRYPTION | ROLE_ENCRYPTION_ALL | Manages all encryption and masking operations. |
ENCRYPTION | ROLE_ENCRYPTION_READ | Can view and export encryption schemes. |