Administrator Guide > User and Role Administration > Privileges
  

Privileges

Privileges determine the tasks that users can perform in the Test Data Manager. Users require domain privileges and Test Data Manager privileges.
The Informatica administrator assigns domain privileges, and you assign Test Data Manager Service privileges. Domain privileges work in conjunction with Test Data Manager Service privileges. For example, a developer that creates data masking or data generation plans needs Test Data Manager Service privileges to create the plans in the Test Data Manager. The developer also needs domain privileges to generate and run the data masking or data generation operations.
Note: Administrators can create custom roles that contain privileges and assign roles to users from the Informatica Administrator.

Informatica Privileges

The Informatica administrator assigns PowerCenter Repository Service privileges to users that need to perform subset, masking, and generation operations. All users need the domain privilege to change passwords. Users do not need domain privileges to perform profiling operations.

PowerCenter Repository Service Privileges to Perform Subset, Masking, and Generation Operations

The following table lists the PowerCenter Repository Service privileges that users need to perform data subset, data masking, and data generation operations:
Privilege Group
Privileges
Runtime Objects
Create, Edit, and Delete
Monitor
Execute
Tools
Access Designer
Access Repository Manager
Access Workflow Manager
Access Workflow Monitor
Design Objects
Create, Edit, and Delete
Sources and Targets
Create, Edit, and Delete
Folders
Create, Copy, and Manage Versions
Global Objects
Create Connections
Manage Deployment Groups
Execute Deployment groups
Create Labels
Create Queries

PowerCenter Repository Service Administrator Role to Generate and Run Workflows

To generate and run workflows, users must have the system-defined role Administrator on the PowerCenter Repository Service in addition to the required TDM privileges.

Privilege to Change Passwords

Test Data Manager users need the domain privilege, Access Informatica Administrator, to change their passwords in the Administrator tool.

Test Data Manager Service Privileges

Test Data Manager Service privileges determine the actions that users can perform using Test Data Manager. Configure privileges on the Security tab of the Administrator tool.
The following table describes each Test Data Manager privilege group:
Privilege Group
Description
Administration
Includes privileges to create and manage connections, roles and assign privileges to users and user groups from the Informatica Administrator, manage repositories, add licenses, and set up workflow and project attributes.
Note: Before you can create users and groups, the default Informatica administrator user must assign Security Administration privileges to the Test Data Administrator user.
Data Domains
Includes privileges to view and manage data domains in the Test Data Manager.
Data Masking
Includes privileges to view and manage masking rules and policy assignments in the Test Data Manager.
Data Subset
Includes privileges to view and manage subset objects including entities, groups and templates in the Test Data Manager.
Policies
Includes privileges to view and manage policies in the Test Data Manager.
Projects
Includes privileges to view and manage projects, audit and import metadata, and execute plans and workflows in the Test Data Manager.
Rules
Includes privileges to view and manage masking and generation rules in the Test Data Manager.
Data Generation
Includes privileges to view and manage test data generation in the Test Data Manager.

Administration Privilege Group

The privileges in the Administration privilege group determine the administration tasks that Test Data Administrators can perform.
The following table lists the privileges in the Administration privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
Manage Preferences
-
Write
User can perform the following actions on the Informatica Administrator and Test Data Manager:
  • - Create roles.
  • - Edit roles.
  • - Delete roles.
  • - View roles.
  • - Associate roles to users.
  • - Associate privileges to users.
  • - Associate roles to user groups.
  • - Associate privileges to user groups.
  • - Add licenses.
  • - Set up the TDM repository.
  • - Set up the PowerCenter repository.
  • - Set up data domain sensitivity levels.
  • - Configure a test data warehouse repository.
  • - Configure a test data warehouse.
  • - Set up project custom attributes.
  • - Set up workflow generation attributes.
  • - Enable data discovery.
  • - Set up profiling services.
  • - View administration objects.
  • - Configure keyword search indexing options.
View Connections
-
Read
User can perform the following actions on the Connections page in the Test Data Manager:
  • - View connections.
  • - Test connections.
Manage Connections
View Connections
Write
User can perform the following actions on the Connections page in the Test Data Manager:
  • - Create connections.
  • - Edit connections.
  • - Delete connections.
  • - View connections.
  • - Test connections.
  • - Configure a test data warehouse repository.
  • - Configure a test data warehouse.

Data Domains Privilege Group

The privileges in the Data Domains privilege group determine the tasks that users can perform on data domains on the Policies page of the Test Data Manager.
The following table lists the privileges in the Data Domains privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Data Domains
-
Read
User can view data domains in the Test Data Manager.
Manage Data Domains
View Data Domains
Write
User can perform the following actions on data domains in the Test Data Manager:
  • - Create data domains.
  • - Edit data domains.
  • - Delete data domains.
  • - View data domains.

Data Masking Privilege Group

The privileges in the Data Masking privilege group determine the tasks that users can perform on the Project | Define | Data Masking view of the Test Data Manager. You can assign rules and polices to table columns from this view.
The following table lists the privileges in the Data Masking privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Data Masking
-
Read
User can view data masking assignments in the Test Data Manager.
Manage Data Masking
View Data Masking
Write
User can perform the following data masking assignment actions in the Test Data Manager:
  • - Add rule and policy assignments.
  • - Delete rule and policy assignments.
  • - Override rule properties.
  • - View data masking assignments.

Data Subset Privilege Group

The privileges in the Data Subset privilege group determine the tasks that users can perform on data subset objects in the Test Data Manager.
The following table lists the privileges in the Data Subset privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Data Subset
-
Read
User can perform the following data subset actions in the Test Data Manager:
  • - View groups.
  • - View templates
  • - View entities.
  • - View recent project objects.
Manage Data Subset
View Data Subset
Write
User can perform the following data subset actions in the Test Data Manager:
  • - Create groups.
  • - Edit groups.
  • - Delete groups.
  • - Add group parameters.
  • - Create templates.
  • - Edit templates.
  • - Delete templates.
  • - Add template parameters.
  • - Create entity.
  • - Edit entity.
  • - Delete entity.
  • - Add entity criteria.
  • - Enable relationships.
  • - Disable relationships.
  • - Edit relationships
  • - Review and act on changes.
  • - Mark change review as complete.

Policies Privilege Group

The privileges in the Policies privilege group determine the tasks that users can perform on Policies in the Test Data Manager.
The following table lists the privileges in the Policies privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Policies
-
Read
User can view policies in the Test Data Manager.
Manage Policies
View Policies
Write
User can perform the following policy actions policies in the Test Data Manager:
  • - Create policies.
  • - Edit policies.
  • - Delete policies.
  • - View policies.

Projects Privilege Group

The privileges in the Projects privilege group determine the tasks that users can perform on Projects in the Test Data Manager.
The following table lists the privileges in the Projects privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Project
-
Read
User can perform the following actions on projects in the Test Data Manager:
  • - View projects.
  • - View plans.
  • - View plan detail reports.
  • - View plan audit reports.
  • - View recent projects.
  • - Create test data warehouse plans
  • - Manage test data warehouse plans
  • - Generate test data warehouse plans
  • - Execute test data warehouse plans
Manage Project
View Project
Write
User can perform the following actions on projects in the Test Data Manager:
  • - Create projects
  • - Edit projects.
  • - Delete projects
  • - View projects.
  • - Associate users to projects.
  • - Associate user groups to projects.
  • - Associate or remove rules to projects.
  • - Associate or remove policies to projects
  • - Create plans.
  • - Edit plans.
  • - Delete plans.
  • - Generate plans.
Discover Project
-
Write
User can perform the following discover actions on projects in the Test Data Manager:
  • - Classify tables.
  • - Mark discovery as complete.
  • - Associate data domains to columns.
  • - Mark columns as restricted.
  • - Mark columns as sensitive
  • - Set similar value column
  • - Remove similar value columns
  • - Add primary keys
  • - Remove primary Keys
  • - Create logical constraints
  • - View logical constraints
  • - Edit logical Constraints
  • - Delete Logical Constraints
  • - View projects.
  • - View profiled data domains.
  • - Approve or reject profile data domains.
  • - Mark data domain classification as complete.
  • - View profiled primary keys.
  • - Approve or reject profiled primary keys.
  • - Mark primary key discovery as complete.
  • - View profiled entities.
  • - Approve or reject profiled entities.
  • - Mark entity discovery as complete.
  • - View project risk analysis.
  • - View recent project sensitive data distribution.
Generate Project
-
Write
User can generate workflows in the Test Data Manager.
Execute Project
-
Write
User can perform the following execute actions on projects in the Test Data Manager:
  • - Execute plans.
  • - Execute workflows.
  • - Stop workflows.
  • - Abort workflows.
  • - Recover workflows.
  • - View plan execution.
Monitor Project
-
Read
User can perform the following monitor actions on projects in the Test Data Manager:
  • - Monitor project jobs.
  • - View project job logs.
  • - Monitor jobs across projects.
  • - View job logs across projects.
Audit Project
-
Read
User can view recent activity on projects and plans in the Test Data Manager.
Import Metadata
-
Write
User can perform the following actions on projects in the Test Data Manager:
  • - Import sources
  • - Delete sources.
Note: A user with Manage Project privilege must have at least the following levels of privileges to be able to create a plan with each component.

Rules Privilege Group

The privileges in the Rules privilege group determine the tasks that users can perform on data masking and data generation rules in the Test Data Manager.
The following table lists the privileges in the Data Masking privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Masking Rules
-
Read
User can view masking rules in the Test Data Manager.
Manage Masking Rules
View Masking Rules
Write
User can perform the following actions on data masking rules in the Test Data Manager:
  • - Create masking rules.
  • - Edit masking rules.
  • - Delete masking rules.
  • - View masking rules.
View Generation Rules
-
Read
User can view generation rules in the Test Data Manager.
Manage Generation Rules
View Generation Rules
Write
User can perform the following actions on data generation rules in the Test Data Manager:
  • - Create generation rules.
  • - Edit generation rules.
  • - Delete generation rules.
  • - View generation rules.

Data Generation Privilege Group

The privileges in the Data Generation privilege group determine the test data generation tasks that users can perform in the Test Data Manager.
The following table lists the privileges in the Data Generation privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Data Generation
-
Read
User can view data generation rule assignments in the Test Data Manager.
Manage Data Generation
View Data Generation
Write
User can perform the following actions on data generation in the Test Data Manager:
  • - View data generation rule assignments
  • - Add data generation rule assignments.
  • - Delete data generation rule assignments.
  • - Override data generation rule assignments.

Test Data Warehouse Service Privileges

Test Data Warehouse Service privileges determine the test data warehouse tasks that users can perform using Test Data Manager. Configure privileges on the Security tab of the Administrator tool.
The Test Data Warehouse privilege group includes the Data Sets privilege group.
The privileges in the Data Sets privilege group determine the tasks that users can perform on data sets in Test Data Manager.
The following table lists the privileges in the Data Sets privilege group and the permissions required to perform a task on an object:
Privilege
Includes Privileges
Permission
Description
View Data Set
-
Read
User can perform the following actions on data sets in Test Data Manager:
  • - View
  • - Create data coverage tasks
Manage Data Set
View Data Set
Write
User can perform the following actions on data sets in Test Data Manager:
  • - View
  • - Create
  • - Edit
  • - Delete
  • - Classify tables
  • - Create a subset of a data set
    • Note: With Read permission
View Data in Data Set
View Data Set
Read
User can open data sets and view the data set metadata and the data in data sets.
Manage Data in Data Set
  • - View Data Set
  • - View Data in Data Set
Write
User can perform the following actions on data sets in Test Data Manager:
  • - View data sets
  • - View data in tables
  • - Insert data in tables
  • - Update data in tables
  • - Delete data in tables
  • - Tag data in tables
  • - Perform Fill Cell jobs in a data coverage task
Reset Data Set
View Data Set
Execute
User can perform the following actions on data sets in Test Data Manager:
  • - View data sets
  • - Reset data sets

Optional Privileges

Based on the tasks performed, you might need to assign additional privileges to some users.
Users can link TDM global objects with business terms from a business glossary. To create, edit, and delete links to business terms, users need Model Repository Service and Analyst Services privileges. Users must have at least read permission on the glossary or the specific business term that they access. You can configure permission from the Analyst Tool.
Users can view terms linked to any object they have view privileges on. To create, edit, or delete a link to an object, users must have Manage privilege on the object.
The following table lists the minimum Model Repository Service privileges that users need to perform asset linking tasks:
Privilege Group
Privileges
Model Repository Service Administration
Access Analyst
Access the Analyst Tool.
The following table lists the minimum Analyst Service privileges that users need to perform asset linking tasks:
Privilege Group
Privileges
Workspace Access
Glossary Workspace
Access the glossary workspace within the Analyst Tool.
Users must have access permission to the Analyst Service to view or edit linked business terms. Assign a user access permission from the Security view in Informatica Administrator. To assign multiple users or user groups access permission, select the service in the Domain Navigator of the Informatica Administrator. Select the Permissions view and edit direct permissions.
For information on assigning permission from Informatica Administrator, see the Informatica Administrator Guide.

Test Data Manager Custom Roles

The Test Data Manager custom roles include the Test Data Administrator, Test Data Developer, Test Data Project DBA, Test Data Project Developer, Test Data Project Owner, Test Data Risk Manager, Test Data Specialist, and Test Engineer.

Test Data Administrator

The following table lists the default privileges assigned to the Test Data Administrator custom role:
Privilege Group
Privilege Name
Projects
Audit Project
Administration
  • - View Connections
  • - Manage Connections
  • - Manage Preferences

Test Data Developer

The following table lists the default privileges assigned to the Test Data Developer custom role:
Privilege Group
Privilege Name
Policies
  • - View Policies
  • - Manage Policies
Data Domains
  • - View Data Domains
  • - Manage Data Domains
Rules
  • - View Masking Rules
  • - Manage Masking Rules
  • - View Generation Rules
  • - Manage Generation Rules
Projects
Audit Project

Test Data Project DBA

The following table lists the default privileges assigned to the Test Data Project DBA custom role:
Privilege Group
Privilege Name
Projects
  • - View Project
  • - Execute Project
  • - Monitor Project
  • - Audit Project
Administration
  • - View Connections
  • - Manage Connections
Data Sets
  • - View Data Set
  • - View Data in Data Set.

Test Data Project Developer

The following table lists the default privileges assigned to the Test Data Project Developer custom role:
Privilege Group
Privilege Name
Policies
View Policies
Rules
  • - View Masking Rules
  • - View Generation Rules
  • - Manage Generation Rules
Data Domains
View Data Domains
Projects
  • - View Project
  • - Discover Project
  • - Execute Project
  • - Monitor Project
  • - Audit Project
  • - Import Metadata
Data Masking
  • - View Data Masking
  • - Manage Data Masking
Data Subset
  • - View Data Subset
  • - Manage Data Subset
Data Generation
  • - View Data Generation
  • - Manage Data Generation
Administration
  • - View Connections
  • - Manage Connections
Data Sets
  • - View Data Set
  • - View Data in Data Set

Test Data Project Owner

The following table lists the default privileges assigned to the Test Data Project Owner custom role:
Privilege Group
Privilege Name
Policies
View Policies
Rules
  • - View Masking Rules
  • - View Generation Rules
  • - Manage Generation Rules
Data Domains
View Data Domains
Projects
  • - View Project
  • - Manage Project
  • - Discover Project
  • - Execute Project
  • - Monitor Project
  • - Audit Project
  • - Import Metadata
Data Masking
  • - View Data Masking
  • - Manage Data Masking
Data Subset
  • - View Data Subset
  • - Manage Data Subset
Data Generation
  • - View Data Generation
  • - Manage Data Generation
Administration
  • - View Connections
  • - Manage Connections
Data Sets
  • - View Data Set
  • - View Data in Data Set
  • - Manage Data Set
  • - Manage Data in Data Set
  • - Reset Data Set

Test Data Risk Manager

The following table lists the default privileges assigned to the Test Data Risk Manager custom role:
Privilege Group
Privilege Name
Policies
View Policies
Rules
  • - View Masking Rules
  • - View Generation Rules
Data Domains
View Data Domains
Projects
Audit Project

Test Data Specialist

The following table lists the default privileges assigned to the Test Data Specialist custom role:
Privilege Group
Privilege Name
Policies
View Policies
Rules
  • - View Masking Rules
  • - Manage Masking Rules
  • - View Generation Rules
  • - Manage Generation Rules
Data Domains
  • - View Data Domains
  • - Manage Data Domains
Projects
  • - View Project
  • - Manage Project
  • - Discover Project
  • - Execute Project
  • - Monitor Project
  • - Audit Project
  • - Import Metadata
Data Masking
  • - View Data Masking
  • - Manage Data Masking
Data Subset
  • - View Data Subset
  • - Manage Data Subset
Data Generation
  • - View Data Generation
  • - Manage Data Generation
Administration
  • - View Connections
  • - Manage Connections
Data Sets
  • - View Data Set
  • - View Data in Data Set
  • - Manage Data Set
  • - Manage Data in Data Set
  • - Reset Data Set

Test Engineer

The following table lists the default privileges assigned to the Test Engineer custom role:
Privilege Group
Privilege Name
Projects
  • - View Project
  • - Monitor Project
Data Sets
  • - View Data Set
  • - Manage Data Set
  • - Reset Data Set
  • - View Data in Data Set
  • - Manage Data in Data Set