User Guide

Admin

Create, test, edit and delete Environments (including supplying Hadoop Cluster details and managing token vaults, secret keys, Privitar on Demand settings as well as SecureLink configurations).

Author

Create, edit and delete Schemas, Rules and Policies.

Create, edit and delete masking and unmasking Jobs (for all of Batch/Hadoop, Data Flow, Privitar on Demand).

Create, edit, delete and close Protected Data Domains.

Operator

Run and cancel Batch masking Jobs (on an already defined Environment, according to a given privacy Policy and defined Job). For example, run and cancel Jobs on a Hadoop cluster.

An Operator executes Jobs but cannot create or edit Jobs or Policies, unless they have additional Roles.

The Operator Role also does not include Permissions to run Data Flow Jobs (these require the Data Flow Operator Role).

Operators may, however, create Protected Data Domains, as this is an important precursor to running a Job.

Investigator

Re-identify/unmask a single field by entering a tokenized value in the unmasking interface and retrieving the original sensitive value. For security this activity requires an additional authentication by another distinct User with the Investigator role. Unmasking is only available on Hadoop Clusters.z

Investigate a Watermark (through a Batch Job on a Hadoop Cluster).

Unmasker

The Unmasker role is required on User credentials to run and cancel Unmasking Jobs on an entire file, rather than an individual value. Unmasking is only available on Hadoop Clusters (through a Batch Job).

Data Flow Operator

The Data Flow Operator has Run Data Flow permissions that are required on user credentials used in a Data Flow pipeline configuration. That is, for Jobs on a data streaming processor such as NiFi, Kafka/Confluent or StreamSets.