Managing users and roles (Data Virtualization)
Data Virtualization has four user roles, which are specific to the Data Virtualization environment. You can grant these roles to existing Cloud Pak for Data users.
Data Virtualization roles
- Data Virtualization Admin
- The user who provisions the Data Virtualization
service is automatically assigned the Data Virtualization
Admin role. After the service is provisioned, the Data Virtualization Admin can give other users access to the
service.
The Data Virtualization Admin is considered to be the manager of the Data Virtualization instance and assigns appropriate Data Virtualization roles to Cloud Pak for Data users.
- Data Virtualization Engineer
- Configures the data sources, virtualizes data, and manages access to virtual objects. Users with
this role can create a virtual table or view and grant access to it to users with any Data Virtualization role. By default, every virtual object that is
created in Data Virtualization is private. This privacy
means that in order for a virtual object to be accessed by a user other than its creator, access to
the virtual object must be granted.Restriction:
When previewing Data Virtualization data assets in Watson™ modules in Cloud Pak for Data (for example, Watson Knowledge Catalog, Watson Studio, and Data Refinery), and in cases when data masking applies, the preview is subject to the data protection rules and catalog or project access control only.
Data Virtualization access control is not enforced when masking applies to the asset and you must define your rules to manage access to the catalogs, projects, data assets, or connections for access control in Watson modules.
Tech preview This is a technology preview and is not supported for use in production environments.
Data source administrators are expected to provide access to a Data Virtualization Engineer to virtualize data. Users with this role service and fulfill data requests from Data Virtualization users.
- Data Virtualization User
-
Data Virtualization users can request access to virtualized data or data in general by initiating a data request. Users with this role can create views of virtual tables to which they have access.
- Data Virtualization Steward
-
Data Virtualization Stewards can access data in all user tables and views. Additionally, Stewards hold the Db2®
DATAACCESSauthority on the database.
The following table summarizes the Data Virtualization menu functions that each of the Data Virtualization user roles is able to access.
| Data Virtualization features | Admin | Engineer | User | Steward |
|---|---|---|---|---|
| Provision Data Virtualization | ✓ | |||
| User management | ✓ | |||
| Data sources | ✓ | ✓ | ||
| Virtualize | ✓ | ✓ | ||
| My virtualized data | ✓ | ✓ | ✓ | ✓ |
| Connection details | ✓ | ✓ | ✓ | ✓ |
| Service settings* | ✓ | ✓ | ✓ | ✓ |
| SQL editor | ✓ | ✓ | ✓ | ✓ |
Permissions of Data Virtualization roles
| Roles | Permissions |
|---|---|
| Data Virtualization Admin |
|
| Data Virtualization Engineer |
|
| Data Virtualization User |
|
| Data Virtualization Steward |
|
CONTROL privilege on that object. For
example:GRANT CONTROL on object to ROLE DV_ENGINEERCONTROL privilege, see the Db2 product
documentation.