To accomplish certain tasks within the Stewardship Tier, a Security Administrator must assign users to the appropriate security roles and WebApp groups. The Stewardship Tier offers delivered security roles that have default permissions for certain applications. Security Administrators can copy the delivered security roles to easily create custom roles tailored to each project’s scope. Refer to Copy a Security Role for more information.
The Stewardship Tier is installed with the following security roles:
System Administration Roles
- System Administrator—Users assigned to this role have full access to administer the Stewardship Tier. This is a privileged role that should be assigned to only a few select users that have a deep understanding of the Stewardship Tier.
- Security Administrator—Users assigned to this role can maintain all aspects of the Stewardship Tier security layer. They can create roles, security definitions and custom WebApp groups. They can also create users and assign them roles. This is a privileged role and must be assigned to only a few select users.
User Management—Users assigned to this role can create new users, reset passwords and assign users to roles. This role also allows users to create roles of type Content and to assign security definition key values (Content) to such roles.
Governance Functional Roles
- Governance Business User—Users assigned to this role have access to all Stewardship Tier data governance application functionality intended for use by end users. Depending on which applications are in scope for a project, this role will need to be tailored to meet project requirements.
- Governance Developer—Users assigned to this role have PowerUser access across all the Stewardship Tier data governance applications and most shared cross-application components (Common, Collect and Integrate). They also have wide access to System Administration functionality. They do not have access to maintain Stewardship Tier security. Depending on which applications are in scope for a project, this role will need to be tailored to meet project requirements.
Migration Functional Roles
- Migration Developer Advanced—Users assigned to this role are senior resources on a project and are responsible for not only designing, developing and executing data objects from start to finish, but also for troubleshooting, supporting other consultants and managing some Stewardship Tier-level settings that control Stewardship Tier’s behavior. Users with this access must have a deep understanding of the Stewardship Tierand associated implementation methodology.
- Migration Developer Lite—Users assigned to this role are developers on a project that are responsible for designing, developing and executing data objects from start to finish. This role should permit them to perform all tasks required to design, build and execute the data objects they are responsible for. Users assigned this role should have limited access to any setup and configuration areas of Stewardship Tier, including Console, and they are not permitted to alter the Wave setup, because such changes impact project scope and should be determined by the project lead.
- Migration Business User—Users assigned to this role are able to maintain target data design, field mapping and value mapping. They should also be able to view the migration reports to which they have been assigned.
- Migration Executer—Users assigned to the Migration Executer role can view data design, field and value mappings and execute Transform and Integrate processes. This role is intended for use on projects that have a multi-tier Stewardship Tier environment where changes made in the development environment are transported into the Quality and Production instances and by projects that have a team that is responsible solely for executing the migration process.
The Stewardship Tier is also installed with security roles specific to dspTrack™.
Other security roles must be defined on site. Refer to Create Security Roles for more information.
To view full details of the WebApps and pages to which each role has access, click the Pages icon for a role.