Version 25.3.9396

• Admin Role
• Standard Role
• Job Creator Role
• Job Operator Role
• Custom Roles
  • Creating Custom Roles and Policies
  • Assigning Users to a Custom Role
• User Roles Comparison

In CData Sync, the Roles tab (Settings > Roles) displays a table of all roles that are defined in the application, along with a link to all users who can assume each role. Roles enable you to restrict users to performing only certain actions on certain resources. The roles that are assigned to users affect everything that they see in Sync, including but not limited to the following components:

• connections

• jobs

• transformations

Every installation of Sync includes four predefined roles:

• Admin

• Standard

• Job Creator

• Job Operator

These roles are global roles that cannot be edited or deleted. They apply to all resources. However, you can define custom roles that limit each user’s permissions. Custom roles are made up of policies, which provide the most granular control over exactly what users can see or do in Sync. An individual user can be assigned to a maximum of five roles, and each role can include up to ten policies. Custom roles also identify which resources users can see and interact with.

The following sections describe each predefined role and explain how to define new policies and roles.

Admin Role

The Admin role provides full control over the application. An Admin user can create new jobs and connections, change application settings, and perform every other operation supported by the console. Only Admin users have permission to manage other users. Admin users can create, delete, and modify users. In addition, only admin users can view the Audit log, which records changes that are made within the application (by any user).

Standard Role

The Standard role allows users to create, edit, and delete jobs and connections, but it does not allow for changing application-wide settings like those that appear on the Settings tab.

Job Creator Role

The Job Creator role allows users to create, edit, and delete jobs and transformations, but it does not allow access to connections and does not allow for changing application-wide settings.

Job Operator Role

The Job Operator role is a Read-only role that enables users to start and stop jobs, view job history, and download job logs. However, these users cannot create new jobs, delete jobs, or change application settings.

Custom Roles

Custom roles give you more granular control over what each user can see or do in the Sync application. You define custom roles by creating policies, which specify the exact permissions assigned to members of that role. You can assign an individual user to a maximum of ten roles, and each role can include up to ten policies.

Creating Custom Roles and Policies

To create a custom role:

1. Select Settings > Roles.

2. Click Add Role. Enter a meaningful name and description for the role. Then, click Add Role again to open the policy page for your new role.

3. Click Add Policy to open the Add Policy dialog box.

4. Select the workspace to which you want the policy to apply. The policy also grants the users access to all resources that are contained within the selected workspace.

5. Click Add Policy to open the Policy X for WorkspaceName page (where X is the policy number). This page lists a set of permissions for each resource type: jobs, transformations, and connections.

6. In each Permissions section, select the allowed actions (for example, Create, Update, or Schedule) and the resources to which those actions apply.

   Note: Read permission is granted automatically for all resources in a workspace. When you access a workspace, you can always view all of its resources because Read permission is not inherited from the workspace.

7. Click Save (top right of the page) to save the selected permissions and return to the Role details page.

After you configure all permissions and are returned to the Roles page, you can click the name of any role to open its summary. The summary page includes two tabs: Policies and Assigned Users.

• Policies tab: Edit existing policies or add a new policy by clicking Add Policy at the bottom of the page.

• Assign Users tab: Assign users to the role. See the next section, Assigning Users to a Custom Role for detailed steps.

To return to the Roles page from the summary page, click Roles at the top left of the page.

Assigning Users to a Custom Role

From the Role summary page, you can assign users to that role, as follows:

1. Click the Assigned Users tab.

2. Click Assign User to open a dialog box where you can search for or select users to assign.

3. Click Assign User in the dialog box to add the selected users to the role. You are then returned to the Assigned Users tab.

   Note: Users that are assigned to the Admin role cannot be assigned to other roles.

User Roles Comparison

The following list shows which actions each user role can perform:

• View connections, jobs, and transformations: All roles (Admin, Standard, Job Creator, Job Operator)

• View application and job-execution logs: All roles (Admin, Standard, Job Creator, Job Operator)

• Execute jobs and transformations: All roles (Admin, Standard, Job Creator, Job Operator)

• Manage jobs and transformations: Admin, Standard, Job Creator

• Manage connections: Admin, Standard

• Install new connectors: Admin

• Manage users: Admin

• Change application settings: Admin

• View Audit logs: Admin