Security Guide > Privileges and Roles > Test Data Manager Service Privileges

Test Data Manager Service Privileges

Test Data Manager Service privileges determine the actions that users can perform using Test Data Manager. Configure privileges on the Security tab of the Administrator tool.

The following table describes each Test Data Manager privilege group:

Privilege Group	Description
Administration	Includes privileges to create and manage connections, roles and assign privileges to users and user groups from the Informatica Administrator, manage repositories, add licenses, and set up workflow and project attributes. Note: Before you can create users and groups, the default Informatica administrator user must assign Security Administration privileges to the Test Data Administrator user.
Data Domains	Includes privileges to view and manage data domains in the Test Data Manager.
Data Masking	Includes privileges to view and manage masking rules and policy assignments in the Test Data Manager.
Data Subset	Includes privileges to view and manage subset objects including entities, groups and templates in the Test Data Manager.
Policies	Includes privileges to view and manage policies in the Test Data Manager.
Projects	Includes privileges to view and manage projects, audit and import metadata, and execute plans and workflows in the Test Data Manager.
Rules	Includes privileges to view and manage masking and generation rules in the Test Data Manager.
Data Generation	Includes privileges to view and manage test data generation in the Test Data Manager.

Administration Privilege Group

The privileges in the Administration privilege group determine the administration tasks that Test Data Administrators can perform.

The following table lists the privileges in the Administration privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
Manage Preferences	-	Write	User can perform the following actions on the Informatica Administrator and Test Data Manager: - Create roles. - Edit roles. - Delete roles. - View roles. - Associate roles to users. - Associate privileges to users. - Associate roles to user groups. - Associate privileges to user groups. - Add licenses. - Set up the TDM repository. - Set up the PowerCenter repository. - Set up data domain sensitivity levels. - Configure a test data warehouse repository. - Configure a test data warehouse. - Set up project custom attributes. - Set up workflow generation attributes. - Enable data discovery. - Set up profiling services. - View administration objects. - Configure keyword search indexing options.
View Connections	-	Read	User can perform the following actions on the Connections page in the Test Data Manager: - View connections. - Test connections.
Manage Connections	View Connections	Write	User can perform the following actions on the Connections page in the Test Data Manager: - Create connections. - Edit connections. - Delete connections. - View connections. - Test connections. - Configure a test data warehouse repository. - Configure a test data warehouse.

Connections Privilege Group

The privileges in the Connections privilege group determine the tasks that users can perform on the Connections page of the TDM Workbench. The following table lists the privileges in the Connections privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Connections	-	Read	User can view connections and test connections in the TDM Workbench.
Manage Connections	View Connections	Write	User can perform the following actions on the Connections page in the TDM Workbench: - Create connections. - Edit connections. - Delete connections. - View connections. - Test connections.

Data Domains Privilege Group

The privileges in the Data Domains privilege group determine the tasks that users can perform on data domains on the Policies page of the Test Data Manager.

The following table lists the privileges in the Data Domains privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Data Domains	-	Read	User can view data domains in the Test Data Manager.
Manage Data Domains	View Data Domains	Write	User can perform the following actions on data domains in the Test Data Manager: - Create data domains. - Edit data domains. - Delete data domains. - View data domains.

Data Masking Privilege Group

The privileges in the Data Masking privilege group determine the tasks that users can perform on the Project | Define | Data Masking view of the Test Data Manager. You can assign rules and polices to table columns from this view.

The following table lists the privileges in the Data Masking privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Data Masking	-	Read	User can view data masking assignments in the Test Data Manager.
Manage Data Masking	View Data Masking	Write	User can perform the following data masking assignment actions in the Test Data Manager: - Add rule and policy assignments. - Delete rule and policy assignments. - Override rule properties. - View data masking assignments.

Data Subset Privilege Group

The privileges in the Data Subset privilege group determine the tasks that users can perform on data subset objects in the Test Data Manager.

The following table lists the privileges in the Data Subset privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Data Subset	-	Read	User can perform the following data subset actions in the Test Data Manager: - View groups. - View templates - View entities. - View recent project objects.
Manage Data Subset	View Data Subset	Write	User can perform the following data subset actions in the Test Data Manager: - Create groups. - Edit groups. - Delete groups. - Add group parameters. - Create templates. - Edit templates. - Delete templates. - Add template parameters. - Create entity. - Edit entity. - Delete entity. - Add entity criteria. - Enable relationships. - Disable relationships. - Edit relationships - Review and act on changes. - Mark change review as complete.

Policies Privilege Group

The privileges in the Policies privilege group determine the tasks that users can perform on Policies in the Test Data Manager.

The following table lists the privileges in the Policies privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Policies	-	Read	User can view policies in the Test Data Manager.
Manage Policies	View Policies	Write	User can perform the following policy actions policies in the Test Data Manager: - Create policies. - Edit policies. - Delete policies. - View policies.

Projects Privilege Group

The privileges in the Projects privilege group determine the tasks that users can perform on Projects in the Test Data Manager.

The following table lists the privileges in the Projects privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Project	-	Read	User can perform the following actions on projects in the Test Data Manager: - View projects. - View plans. - View plan detail reports. - View plan audit reports. - View recent projects. - Create test data warehouse plans - Manage test data warehouse plans - Generate test data warehouse plans - Execute test data warehouse plans
Manage Project	View Project	Write	User can perform the following actions on projects in the Test Data Manager: - Create projects - Edit projects. - Delete projects - View projects. - Create parameters - Edit parameters - Delete parameters - Associate users to projects. - Associate user groups to projects. - Associate or remove rules to projects. - Associate or remove policies to projects - Create plans. - Edit plans. - Delete plans. - Generate plans.
Discover Project	-	Write	User can perform the following discover actions on projects in the Test Data Manager: - Classify tables. - Mark discovery as complete. - Associate data domains to columns. - Mark columns as restricted. - Mark columns as sensitive - Set similar value column - Remove similar value columns - Add primary keys - Remove primary Keys - Create logical constraints - View logical constraints - Edit logical Constraints - Delete Logical Constraints - View projects. - View profiled data domains. - Approve or reject profile data domains. - Mark data domain classification as complete. - View profiled primary keys. - Approve or reject profiled primary keys. - Mark primary key discovery as complete. - View profiled entities. - Approve or reject profiled entities. - Mark entity discovery as complete. - View project risk analysis. - View recent project sensitive data distribution.
Generate Project	-	Write	User can generate workflows in the Test Data Manager.
Execute Project	-	Write	User can perform the following execute actions on projects in the Test Data Manager: - Execute plans. - Execute workflows. - Stop workflows. - Abort workflows. - Recover workflows. - View plan execution.
Monitor Project	-	Read	User can perform the following monitor actions on projects in the Test Data Manager: - Monitor project jobs. - View project job logs. - Monitor jobs across projects. - View job logs across projects.
Audit Project	-	Read	User can view recent activity on projects and plans in the Test Data Manager.
Import Metadata	-	Write	User can perform the following actions on projects in the Test Data Manager: - Import sources - Delete sources.

Note: A user with Manage Project privilege must have at least the following levels of privileges to be able to create a plan with each component.

•View connection from the Administration privilege group. To create a plan.
•View data subset from the Data Subset privilege group. To create a plan with subset components.
•View masking rules from the Rules privilege group. To create a plan with masking components.
•View generation rules from the Rules privilege group. To create a plan with generation components.

Rules Privilege Group

The privileges in the Rules privilege group determine the tasks that users can perform on data masking and data generation rules in the Test Data Manager.

The following table lists the privileges in the Data Masking privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Masking Rules	-	Read	User can view masking rules in the Test Data Manager.
Manage Masking Rules	View Masking Rules	Write	User can perform the following actions on data masking rules in the Test Data Manager: - Create masking rules. - Edit masking rules. - Delete masking rules. - View masking rules.
View Generation Rules	-	Read	User can view generation rules in the Test Data Manager.
Manage Generation Rules	View Generation Rules	Write	User can perform the following actions on data generation rules in the Test Data Manager: - Create generation rules. - Edit generation rules. - Delete generation rules. - View generation rules.

Data Generation Privilege Group

The privileges in the Data Generation privilege group determine the test data generation tasks that users can perform in the Test Data Manager.

The following table lists the privileges in the Data Generation privilege group and the permissions required to perform a task on an object:

Privilege	Includes Privileges	Permission	Description
View Data Generation	-	Read	User can view data generation rule assignments in the Test Data Manager.
Manage Data Generation	View Data Generation	Write	User can perform the following actions on data generation in the Test Data Manager: - View data generation rule assignments - Add data generation rule assignments. - Delete data generation rule assignments. - Override data generation rule assignments.