Manage Security

A user does not have to authenticate to access . When Data Privacy is selected from , the domain and user ID of the logged on user determines the data privacy role assignment. All roles are stored at the File-AID Services level and all repositories will have the same role assignments.

Important

The following roles allow users to access only the information that is available for their role. Information on the mainframe is protected by whatever security the mainframe provides (such as RACF). This means that a

user cannot access any information on the mainframe that cannot be accessed when logging on to the mainframe directly.

The following are descriptions of the default roles provided with

Some content is unavailable due to permissions.

Data Privacy Administrator

Different roles will have access to different functions within

Some content is unavailable due to permissions.

. The Data Privacy Administrator is the highest level of authorization and has complete access to all functions within Data Privacy.

When Data Privacy is installed, the role of Data Privacy Administrator is assigned to a default ID. The first access to Data Privacy must use this ID to assign additional users to data privacy roles. Then the default ID can be deleted. There must always be at least one user assigned to the Data Privacy Administrator role. The Data Privacy Administrator is the only role authorized to manage repositories.

A password can be specified when adding or editing a user, and must exist in the Data Privacy security database to:

Data Privacy Auditor

The Data Privacy Auditor role has the authority to browse and report on all data within all projects. The Data Privacy Auditor cannot change any data.

Data Privacy Global Resource Administrator

The Data Privacy Global Resource Administrator role is responsible for defining and managing the resources that are shared by all Data Privacy projects. This includes global data elements, global rules, managed translate tables, encryption keys, credentials, and custom functions.

Data Privacy Project Administrator

The Data Privacy Project Administrator role is responsible for creating projects and managing the definition of privacy within the project. This includes the definition of data elements and rules. Data Privacy Project Administrators can import global definitions into their projects.

Any user assigned to the Data Privacy Project Administrator role is authorized to browse all projects, but they must have project authorization to be able to edit the project. Since Data Privacy Project Administrators create projects, they are both the project creator and the Data Privacy Project Administrator of the projects they create. Any Data Privacy Project Administrator can update a project, but only the Data Privacy Project Administrator or the Data Privacy Administrator can delete a project.

Data Privacy SME (Subject Matter Expert)

The Data Privacy SME role knows the application data and creates the data element definitions by adding source data identifiers to the data elements that were defined by the Project Administrator. Users with this role cannot create new data elements. Subject Matter Experts can use their application knowledge and search the metadata to properly identify the data for each data element.