User Management

User Management is used for high-level authentication and users' roles. Only ROLE_SYS_ADMIN has rights to view, edit, and create in User Management. Users created from the portal are of the NATIVE user type, and users from LDAP and external auth are of the EXTERNAL user type.

Role Name                       Permission Granted
ROLE_SYSADMIN                   All permissions.
ROLE_ADMIN                      All permissions except User Management module.
ROLE_DISCOVERY_ALL              All permissions to Discovery module.
ROLE_DISCOVERY_READ             Read-only permission to Discovery module.
ROLE_DISCOVERY_STEWARDS         All permissions to Discovery module except Delete functionality.
ROLE_DISCOVERY_GOVERNANCE       Read-only permission to Discovery module.
ROLE_MONITORING_ALL             All permissions related to Monitoring.
ROLE_MONITORING_READ            Read-only permission to Monitoring.
ROLE_ANONYMOUS                  No permission granted.
ROLE_USER                       No permission granted.
ROLE_DISCOVERY_READ_RESTRICTED  Read-only permission to Discovery module along with hiding sample values of classifications.
ROLE_ENCRYPTION_ALL             All permissions to Encryption module.
ROLE_ENCRYPTION_READ            Read-only permissions to Encryption module.
ROLE_DATASERVER_ADMIN           All permissions to Cloud module.
ROLE_CLOUD_ADMIN                All permissions to Cloud module.
ROLE_EXPLORER_ALL               This role will provide all required permission for File Explorer.
ROLE_EXPLORER_METADATA          This role will have METADATA (Listing) permission for File Explorer.
ROLE_EXPLORER_READ              This role will have READ permission for File Explorer.
ROLE_EXPLORER_WRITE             This role will have WRITE permission for File Explorer.
ROLE_EXPLORER_DELETE            This role will have DELETE permission for File Explorer.
ROLE_READ_ONLY                  This role will have READ ONLY permission for Privacera Portal.

Example: If a user is allowed read-only access to the Monitoring and Discovery modules, then ROLE_SYS_ADMIN can assign the roles ROLE_DISCOVERY_READ and ROLE_MONITORING_READ to that user.

LDAP Role Mapping

LDAP role mapping is required to map LDAP roles to the existing Privacera roles. Use this feature to associate LDAP users' roles with Privacera roles.

The LDAP role mapping feature is disabled by default. To enable it, add auth.ldap.enabled=true in the Custom Properties section, using the following steps:

  1. On the Privacera home page, expand the Settings menu and click System Configurations in the left menu.

  2. Select Custom Properties.

  3. Click Add Property.

  4. Enter the Key as auth.ldap.enabled.

  5. Enter the Value as true.

  6. Click Add.

Assign a Role to an LDAP User

  1. On the Privacera home page, expand the Settings menu and click Ldap Role Mapping in the left menu.

  2. On the LDAP Role Mapping page, enter the LDAP Group/Role name next to the Privacera role you want to map it to.

  3. Click Save.
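
As an added example (not part of the Privacera documentation or product code), the following Python script reviews a proposed LDAP role mapping for least privilege before it is saved. The role names come from the table above; the LDAP group names, their members, the max_admins threshold, and the assumption that a user receives every role whose mapped group contains them are constructed for illustration.

```python
from collections import defaultdict

# Role names copied from the table on this page.
ADMIN = {"ROLE_SYSADMIN", "ROLE_ADMIN"}
# Discovery roles whose table entry does not mention hiding sample values.
DISCOVERY_OPEN = {"ROLE_DISCOVERY_ALL", "ROLE_DISCOVERY_READ",
                  "ROLE_DISCOVERY_STEWARDS", "ROLE_DISCOVERY_GOVERNANCE"}
KNOWN = ADMIN | DISCOVERY_OPEN | {
    "ROLE_DISCOVERY_READ_RESTRICTED", "ROLE_MONITORING_ALL", "ROLE_MONITORING_READ",
    "ROLE_ANONYMOUS", "ROLE_USER", "ROLE_ENCRYPTION_ALL", "ROLE_ENCRYPTION_READ",
    "ROLE_DATASERVER_ADMIN", "ROLE_CLOUD_ADMIN", "ROLE_EXPLORER_ALL",
    "ROLE_EXPLORER_METADATA", "ROLE_EXPLORER_READ", "ROLE_EXPLORER_WRITE",
    "ROLE_EXPLORER_DELETE", "ROLE_READ_ONLY"}

def effective_roles(role_to_group, members):
    """Assumption: a user receives every role whose mapped LDAP group contains them."""
    roles = defaultdict(set)
    for role, group in role_to_group.items():
        for user in members.get(group, ()):
            roles[user].add(role)
    return dict(roles)

def audit(role_to_group, members, max_admins=2):
    """Return sorted (code, detail) findings; max_admins is a hypothetical local policy."""
    findings = []
    for role, group in role_to_group.items():
        if role not in KNOWN:
            findings.append(("UNKNOWN_ROLE", role))  # typo or stale role name
        if role in ADMIN and len(members.get(group, ())) > max_admins:
            findings.append(("BROAD_ADMIN_GROUP", f"{group} -> {role}"))
    for user, roles in effective_roles(role_to_group, members).items():
        # The restricted role hides sample values; a second Discovery or admin
        # role held by the same user may show them again, so flag it for review.
        if "ROLE_DISCOVERY_READ_RESTRICTED" in roles and roles & (DISCOVERY_OPEN | ADMIN):
            findings.append(("RESTRICTION_CONFLICT", user))
    return sorted(findings)

# Constructed sample data: LDAP group names and members are invented.
MAPPING = {"ROLE_ADMIN": "platform-team",
           "ROLE_DISCOVERY_READ_RESTRICTED": "contractors",
           "ROLE_DISCOVERY_READ": "analysts",
           "ROLE_MONITORING_REED": "noc"}  # deliberate typo in the role name
MEMBERS = {"platform-team": ["alice", "bob", "carol"],
           "contractors": ["dave"],
           "analysts": ["carol", "dave"],
           "noc": ["erin"]}

if __name__ == "__main__":
    for code, detail in audit(MAPPING, MEMBERS):
        print(f"{code}: {detail}")
```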

Add Users

  1. On the Privacera home page, expand the Settings menu and click User Management in the left menu.

  2. Click +Add.

  3. In the Add User dialog, enter the following details:

    • First Name (Mandatory)

    • Last Name

    • Email Id

    • User Name (Mandatory)

    • Select Role (Mandatory)

    • New Password

    • Confirm Password

  4. Click Save.

Edit/Delete User

  1. On the Privacera home page, expand the Settings menu and click User Management in the left menu.

  2. Click Edit (pencil icon) for the user.

  3. Edit the user details.

    Note: The Username cannot be changed once it is created, so the Username field is not editable.

  4. Click Save.

  5. To delete a user, click the Delete icon next to the user name.

Edit User Profiles

  1. On the Privacera home page, click Username and then click Profile at the top right.

  2. Edit the profile properties. The Profile pop-up displays.

  3. Change the password.

    1. Click Edit next to the Old Password.

    2. Enter the old password.

    3. Enter the new password and confirm it.


Last update: July 23, 2021