0 / 0
Roles and asset privacy settings for data source definitions
Last updated: Oct 03, 2024
Roles and asset privacy settings for data source definitions

Roles and the asset privacy setting control what actions you can do for data source definitions and what connections you can see on the Connections assignments tab.

To use data source definitions, confirm that you have the required roles.

Step 1: Confirm that you have a required role for the Platform assets catalog

Each task requires either the Admin or Editor role for the Platform assets catalog. For information, see Creating the Platform assets catalog.

Step 2: Confirm that you have a required IBM Cloud IAM role

You need one of the following IBM Cloud IAM roles:

  • CloudPak Data Source Creator: Create data source definitions and add endpoints from connections to data source definitions for connections that the user has access to.
  • CloudPak Data Source Administrator: Create data source definitions and add endpoints from connections to data source definitions for connections that the user has access to. In addition, view the list of connections across the account on the Connection assignments tab.

Follow these steps to confirm that you have one of these IBM Cloud IAM roles:

  1. From the Cloud Pak for Data as a Service navigation menu, go to Administration > Access (IAM) and log in to IBM Cloud.
  2. From the IBM Cloud navigation menu, select Roles.

If you do not see the roles CloudPak Data Source Creator or CloudPak Data Source Administrator, you can create a custom role.

  1. Click Create.
  2. In the Create a custom role dialog box, enter values for the Name, ID, and optional Description.
  3. For Service, select Cloud Pak for Data as a Service.
  4. In the View the actions selection, select either CloudPak Data Source Creator or CloudPak Data Source Administrator.
  5. Click Add, and then Create.

For more information, see Creating custom user access roles in IBM Cloud IAM.

Step 3: Control access to the private asset after you create the data source definition (optional)

By default, when you create a data source definition, it is a private asset in the Platform assets catalog. To do certain tasks, you must be the owner or editor of the data source definition asset. If you want to change the ownership, add members to the asset, or make the asset public, see Controlling access to an asset in a catalog.

Required roles and asset privacy settings and where you use them

Following are the required roles and asset privacy settings for creating, editing, deactivating, and deleting data source definitions.

Create a data source definition

The following table describes where you create a data source definition and the required roles.

Required roles to create a data source definition.
Where you do this task Platform assets catalog role IBM Cloud IAM role
- Data source definitions tab: New data source definition button.
- Connection assignments tab: Select a data source definition, and then click Add to data source definition > Create new. See also Connection assignments tab.
One of the following:
- Editor
- Admin
One of the following:
- CloudPak Data Source Creator
- CloudPak Data Source Administrator



Edit a data source definition

The following table describes where you can edit a data source definition and the required roles and asset privacy setting.

Required roles and asset privacy setting to edit a data source definition.
Where you do this task Platform assets catalog role IBM Cloud IAM role Asset privacy setting
- Data source definitions tab: Click the data source definition name or select Edit from the overflow menu overflow menu.
- Connection assignments tab: Select a data source definition, and then click Add to data source definition > Add to existing. See also Connection assignments tab.
The role depends on the asset privacy setting of the data source definition. One of the following:
- CloudPak Data Source Creator
- CloudPak Data Source Administrator
If the data source definition is a private asset (default), you must have the following role and ownership:
- Editor or Admin role for the Platform assets catalog
- Be the owner or editor of data source definition asset

If the data source definition has been changed to a public asset, you must have one of the following combinations of role and ownership:
- Admin role for the Platform assets catalog
Or
- Editor role for the Platform assets catalog
- Be the owner or editor of the data source definition asset



Deactivate or delete a data source definition

The following table describes where you can deactivate or delete a data source definition and the required roles and asset privacy setting.

Required roles and asset privacy setting to deactivate or delete a data source definition.
Where you do this task Platform assets catalog role IBM Cloud IAM role Asset privacy setting
Data source definitions tab: Open the overflow menu overflow menu for the data source definition, and then select Deactivate or Delete. The role depends on the asset privacy setting of the data source definition. One of the following:
- CloudPak Data Source Creator
- CloudPak Data Source Administrator
If the data source definition is a private asset (default), you must have the following role and ownership:
- Editor or Admin role for the Platform assets catalog
- Be the owner or editor of data source definition asset

If the data source definition has been changed to a public asset, you must have one of the following combinations of role and ownership:
- Admin role for the Platform assets catalog
Or
- Editor role for the Platform assets catalog
- Be the owner or editor of the data source definition asset



View the list of data source definitions on the Data source definitions tab

To view the data source definitions on the Data source definitions tab, you must have the following roles.

Required roles to see data source definitions on the Data source definitions tab
Platform assets catalog role IBM Cloud IAM role
One of the following:
- Editor
- Admin
One of the following:
- CloudPak Data Source Creator
- CloudPak Data Source Administrator

To view an individual data source definition in the Data source definitions list, the data source definition must be a public asset. Or, if the data source definition is a private asset (default), you must be the owner, editor, or viewer of the data source definition asset.



View the list of connections on the Connection assignments tab

To view the connections on the Connection assignments tab, you must have the following roles.

Required roles to see data source definitions on the Connection assignments tab
Platform assets catalog role IBM Cloud IAM role
One of the following:
- Editor
- Admin
One of the following:
- CloudPak Data Source Creator
- CloudPak Data Source Administrator

The connections are identified by Connection ID. If you have the CloudPak Data Source Administrator role, you can see the connection names and additional details. Select the Additional filters Filter icon, and then Show only: Connections that you have access to.

These IBM Cloud IAM roles control which connections and connection details you can see on the Connection assignments tab.

IBM Cloud IAM roles and views on the Connection assignments tab
View IBM Cloud IAM role
- View only the connections on the platform in the account that you have access to.
- View the additional details such as the connection name and endpoints.
CloudPak Data Source Creator
View all the connections on the platform in the account, including the connections that you do not have access to.
- For connections that you do not have access to, you can view limited metadata, including the assigned data source definition.
- For connections that you have access to, you can see the additional details such as the connection name and endpoints.
CloudPak Data Source Administrator



Learn more

Parent topic: Data protection with data source definitions

Generative AI search and answer
These answers are generated by a large language model in watsonx.ai based on content from the product documentation. Learn more