Manage Roles and Permissions

Role-based access control (RBAC) is a method of regulating access to network or computer resources based on the roles of individuals within an enterprise. It restricts individuals from accessing information that does not pertain to them.

Through the Role Management screen, you can view the default PK Protect roles and create or edit custom roles that control access to connections, clusters, tasks, and products. Use roles to define permissions for PK Protect users.

Access the Role Management screen from the menu under User Management > Roles. The Role Management screen is depicted below:

The Role Management screen groups permissions into several categories. Using these, you can grant create, read, update, delete, and execute permissions to the role selected in the Role List panel for objects such as database connections, masking/detection tasks, and user-defined policies.

There are three types of access permissions:

  1. Full Access: This permission gives the users associated with the selected role full access to an object for the selected operation. Full Access permission allows a user to create, read, update, delete, or execute the objects. In this scenario, every user who has Full Access permissions can access all items, whether created by themselves or by others.


    For example, in the above screenshot, if you have given Delete permission for Full Access for Sensitive Types to the Task Executor role, then the users with this role will be able to read and delete sensitive types created by any user of the same or different roles.

  2. Role Access: These permissions apply to all the users in the selected role. Users associated with the same role have access to other users' objects or entities. In this scenario, access rights can be provided on individual objects (Connections, Structures, Reports, etc.) to a specific role type. Administrators have the right to give CRUD access to any role type.


    For example, in the above screenshot, if you have given Delete permission for Role Access for Sensitive Types to the Task Executor role, then the users with this role will be able to read and delete other users' sensitive types associated with that specific role only.

  3. Owner Access: These permissions apply to any object that a user creates and owns. Users can create, read, update, delete, or execute objects as per the operations selected.


    For example, in the above screenshot, if you have given Delete permission for Owner Access for Sensitive Types to the Task Executor role, then only the user who has created that sensitive type will be able to read and delete that object.
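
The three access types differ only in which objects a granted operation reaches. The following added example (a model written for this page, not PK Protect code; the data model, user names and the Reviewer role are assumptions) evaluates one operation per grant and compares what a Task Executor user can delete under each access type.

```python
from dataclasses import dataclass

FULL, ROLE, OWNER = "full", "role", "owner"  # the three access types

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Item:
    name: str
    kind: str    # object category, e.g. "sensitive_type"
    owner: User  # the user who created the object

def is_allowed(grants, user, operation, item):
    """grants maps role name -> {(object kind, operation): access type}."""
    scope = grants.get(user.role, {}).get((item.kind, operation))
    if scope == FULL:    # any object, whoever created it
        return True
    if scope == ROLE:    # objects created by users holding the same role
        return item.owner.role == user.role
    if scope == OWNER:   # only objects this user created
        return item.owner == user
    return False         # no grant for this operation: deny

def reachable(grants, user, operation, items):
    """Names of the items on which `user` may perform `operation`."""
    return sorted(i.name for i in items if is_allowed(grants, user, operation, i))

# Constructed sample data; "Reviewer" is a hypothetical second role.
alice = User("alice", "Task Executor")
bob = User("bob", "Task Executor")
carol = User("carol", "Reviewer")
ITEMS = [Item("st_alice", "sensitive_type", alice),
         Item("st_bob", "sensitive_type", bob),
         Item("st_carol", "sensitive_type", carol)]

def delete_reach_by_scope():
    """What alice can delete when Task Executor holds Delete at each access type."""
    return {scope: reachable({"Task Executor": {("sensitive_type", "delete"): scope}},
                             alice, "delete", ITEMS)
            for scope in (FULL, ROLE, OWNER)}

if __name__ == "__main__":
    for scope, names in delete_reach_by_scope().items():
        print(f"{scope:5} -> {names}")
```

Running the same comparison against an export of real role grants shows how far each Full Access grant reaches and whether Role or Owner Access would be enough for that role.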

Following are the permissions listed on the screen:

  1. Edit Product Access Permissions:
    Select the role from the Role List panel. It will list all the Products. Select the checkbox(es) under the Access column for each product that you want the selected role to access. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  2. Edit User Defined Sensitive Type Permissions:
    Select the role from the Role List panel. It will list all the user-defined Sensitive Types. You can grant CRUD permissions to the selected role for the sensitive types listed under the Sensitive Type Name column. You can also give Full access, Role access, and Owner access to the role for the Sensitive Types. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  3. Edit User Defined Policy Permissions:
    Select the role from the Role List panel. It will list all the user-defined policies. You can grant CRUD permissions to the selected role for the policies listed under the Policy Name column. You can also give Full access, Role access, and Owner access to the role for the Policies. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  4. Edit Clusters Access Permissions:
    Select the role from the Role List panel. It will list all the clusters. You can grant CRUD permissions to the selected role for the clusters listed under the Name column. You can also give Full access and Role access to the role for HDFS and EMR clusters. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  5. Edit Domain Permissions:
    Select the role from the Role List panel. It will list all the domains. You can grant CRUD permissions to the selected role for the domains listed under the Domain Name column. You can also give Full access, Role access, and Owner access to the role for the domains. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  6. Edit Structure Permissions:
    Select the role from the Role List panel. It will list all the structures. You can grant CRUD permissions to the selected role for the structures listed under the Structure Name column. You can also give Full access, Role access, and Owner access to the role for the structures. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  7. Edit HDFS Output Directory Permissions:
    Select the role from the Role List panel. It will list all the HDFS, LFA, AWS, and Azure output directories. You can grant CRUD permissions to the selected role for the output directories listed under the Directory Name column. You can also give Full access, Role access, and Owner access to the role for the output directories. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  8. Edit DBMS/SharePoint Connections Permissions:
    Select the role from the Role List panel. It will list all the connections. You can grant CRUD permissions to the selected role for the connections listed under the Connection Name column. You can also give Full access, Role access, and Owner access to the role for the connections. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  9. Edit Task/Template Definitions Permissions:
    Select the role from the Role List panel. It will list all the tasks created in the system. You can grant CRUDE permissions to the selected role for the tasks listed under the Name column. You can also give Full access, Role access, and Owner access to the role for the tasks. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  10. Edit User Access Permissions:
    Select the role from the Role List panel. It will list all the users. You can grant CRUD permissions to the selected role for the users listed under the User Name column. You can also give Full access, Role access, and Owner access to the role for the users. Click Save. To refresh the panel with the latest changes, click the Refresh button.

  11. Edit Dynamic Masking Configuration Permissions:
    Select the role from the Role List panel. It will list all the Dynamic Masking configuration sub-modules. You can grant CRUD permissions to the selected role for the Dynamic Masking sub-modules listed under the DM Configuration column. You can give Full access to the role for the Dynamic Masking sub-modules.

    By default, the super admin has CRUD permissions and the default user has only read permission. Click Save to save the changes. To refresh the panel with the latest changes, click the Refresh button.
