Predefined roles and permissions
The permissions and predefined roles that are available depend on the services that are installed on top of Cloud Pak for Data. When you add a user or group, you must specify the role that they have.
Jump to the appropriate section for more information:
Predefined roles
A role defines the permissions that a user or group has.
You can edit the default roles or create new roles if the default set of permissions in a role doesn't align with your business needs. For more information, see Managing roles.
Definitions for each permission are provided in Permissions.
Role | Permissions | Services that contribute permissions | Service that creates the role |
---|---|---|---|
Administrator |
|
Cloud Pak for Data control plane | Cloud Pak for Data control plane |
|
DataStage® Edition | ||
|
Watson™ Knowledge Catalog | ||
Business Analyst |
|
Watson Knowledge Catalog | Watson Knowledge Catalog |
Data Engineer |
|
Cloud Pak for Data control plane | DataStage Edition or Watson Knowledge Catalog |
|
DataStage Edition | ||
|
Watson Knowledge Catalog | ||
Data Quality Analyst |
|
Watson Knowledge Catalog | Watson Knowledge Catalog |
Data Scientist |
|
Watson Knowledge Catalog | Watson Knowledge Catalog |
Data Steward |
|
Watson Knowledge Catalog | Watson Knowledge Catalog |
Developer |
|
Cloud Pak for Data control plane | Watson Knowledge Catalog |
|
Watson Knowledge Catalog | ||
User |
|
Cloud Pak for Data control plane | Cloud Pak for Data control plane |
When you install the following services, the following permissions are added to the platform. However, the permissions are not automatically added to a role. If you want to use these permissions, you must add them to a role.
Service | Permissions not associated with a role by default |
---|---|
Cloud Pak for Data control plane |
|
Watson Knowledge Catalog |
|
admin
) is automatically assigned the following roles when the
roles are added to the platform:- Administrator
- Business Analyst
- Data Engineer
- Data Quality Analyst
- Data Scientist
- Data Steward
- Developer
Permissions
The following table describes the actions that are associated with each permission.
Category | Permission | Description | Service that contributes the permission |
---|---|---|---|
Cloud Pak for Data administration | Administer platform |
Users with this permission can:
The following actions are not listed in the web client, but are also included in the Administer
platform permission:
Users with this permission have elevated privileges and can grant or revoke all permissions, including permissions in the Cloud Pak for Data administration category. |
Cloud Pak for Data control plane |
Configure authentication |
Users with this permission can:
|
Cloud Pak for Data control plane | |
Configure platform |
Users with this permission can:
The following actions are not listed in the web client, but are also included in the Configure
platform permission:
|
Cloud Pak for Data control plane | |
Manage and monitor platform | Users with this permission can:
|
Cloud Pak for Data control plane | |
Manage groups |
Users with this permission can:
|
Cloud Pak for Data control plane | |
Manage users |
Users with this permission can:
|
Cloud Pak for Data control plane | |
Create service instances |
Users with this permission can:
|
Cloud Pak for Data control plane | |
Data governance | Access advanced governance capabilities |
Users with this permission, in combination with other required permissions, can:
|
Watson Knowledge Catalog |
Access advanced mapping capabilities |
Users with this permission, in combination with other required permissions, can:
|
Watson Knowledge Catalog | |
Access catalogs |
Users with this permission can:
|
|
|
Access information assets view |
Users with this permission can:
|
Watson Knowledge Catalog | |
Analyze data quality |
Users with this permission can:
|
Watson Knowledge Catalog | |
Discover assets |
Users with this permission can:
|
Watson Knowledge Catalog | |
Import metadata |
Users with this permission can:
|
Watson Knowledge Catalog | |
Manage information assets |
Users with this permission can:
|
Watson Knowledge Catalog | |
View data quality |
Users with this permission can:
|
Watson Knowledge Catalog | |
Access governance artifacts |
Users with this permission can:
|
Watson Knowledge Catalog | |
Manage data protection rules |
Users with this permission can:
|
Watson Knowledge Catalog | |
Data governance administration | Manage catalogs |
Users with this permission can:
|
|
Manage governance categories |
Users with this permission can:
|
Watson Knowledge Catalog | |
Manage governance workflows |
Users with this permission can:
|
Watson Knowledge Catalog | |
Data integration | Integrate and transform data |
Users with this permission can:
|
DataStage Edition |
Knowledge work | Access assigned services |
Users with this permission can:
|
Cloud Pak for Data control plane |