Users & Roles
DQM has two predefined roles:
admin - Allows all actions inside DQM and has access to all data sources. Admin users can modify all DQM settings
user - Allows all privileges inside DQM and has access to all data sources
Adding a custom role
Role name - Identifier role name
Allowed connections - Allowed data sources for given role
Read-only - Defines given role as read-only, which will be assigned to license read-only users
Privileges - Access to specific functionalities of DQM. You can also use "All privileges" slider to enable all DQM functionalities or disable specific pages for selected role.
Adding a read-only role
For read-only users you can choose specific pages they have access to.
Adding a new user
Username - Username identifier
Display name - Display name which will be displayed throughout DQM
Email - User email address used for alerts
Password - User password (Password must be between 12 - 72 characters. We recommend using a mix of words, numbers and symbols). For OAuth/LDAP/AD users no password is needed. If these users will be assigned a password, they can access with both OAuth/LDAP/AD authentication and local user.
Role - Role determines what the user can do in DQM based on the privileges and allowed connections assigned to that role.
Recovering admin user
If in some case admin user credentials are forgotten, admin user password can be reset from the application machine. DQM container/JAR file should be rerun with parameter “dqm.recovery.password”
Privileges
The privileges below correspond to the toggles in the role-edit dialog. Each section starts with a top-level "view" privilege that grants access to the page; all sub-privileges in that section additionally require that view privilege to be enabled.
Dashboard
View dashboard - Grants access to the dashboard page
Add/edit dashboard - Allows creating, editing and deleting dashboard tiles and layout
Connections
View connections page - Grants access to the connections page
Add/edit connections - Allows creating, editing and deleting data source connections
Catalog
View catalog page - Grants access to the data catalog page
Add/edit catalog objects - Allows creating, editing and deleting catalog objects
Add/edit glossary terms - Allows managing business glossary terms
Add/edit business rules - Allows managing business rules
Allow catalog imports - Allows running catalog imports from external sources
Directories - Allows managing the catalog directory tree
Test cases
View test cases page - Grants access to the test cases page
Add/edit test cases - Allows creating, editing and deleting test cases
Add/edit test case reports - Allows managing test case reports
Add/edit dynamic rules - Allows managing dynamic rules used to auto-generate test cases
View test case results - Allows viewing test case run results and history
Test suites
View test suites page - Grants access to the test suites page
Add/edit test suites - Allows creating, editing and deleting test suites
Add/edit directories - Allows managing the test suite directory tree
View test suite reports - Allows viewing test suite reports
Add/edit suite reports - Allows creating, editing and deleting test suite reports
Profiling
View profiling page - Grants access to the profiling page
Add/edit profiling objects - Allows managing objects to profile
Add/edit profiling rules - Allows managing profiling rules
General
Allow to execute - Allows running test cases, test suites and profilings
Add/edit global variables - Allows managing global variables
Allow exports - Allows exporting data and configurations from DQM
Allow AI assistant - Grants access to the AI assistant (requires the assistant to be enabled in global settings).
Add/edit custom fields - Allows managing custom fields on catalog objects and other entities.
Allow to view change history - Allows viewing audit history / change diffs on entities.
Example users & roles
The examples below show how roles can be designed for different personas, and how a user inherits the union of privileges from all roles assigned to them.
The first column lists every privilege (grouped by section, matching the role-edit dialog); a checkmark (✓) marks privileges the role grants.
R1 - data steward
R2 - data analyst
R3 - data engineer
R4 - product owner
Privilege / role | R1 | R2 | R3 | R4 |
|---|---|---|---|---|
Allowed connections | C1 | C1, C2 | C1, C2, C3 | C3 |
Dashboard | ✓ | ✓ | ||
Connections | ||||
Add/edit connections | ||||
Catalog | ✓ | ✓ | ✓ | |
Add/edit catalog objects | ✓ | ✓ | ||
Add/edit glossary terms | ✓ | ✓ | ||
Add/edit business rules | ✓ | ✓ | ||
Allow catalog imports | ✓ | ✓ | ||
Add/edit directories | ✓ | ✓ | ||
Test cases | ✓ | ✓ | ||
Add/edit test cases | ✓ | ✓ | ||
Add/edit test case reports | ✓ | ✓ | ||
Add/edit dynamic rules | ✓ | ✓ | ||
View test case results | ✓ | |||
Test suites | ✓ | ✓ | ||
Add/edit test suites | ✓ | ✓ | ||
Add/edit directories | ✓ | ✓ | ||
Profiling | ✓ | ✓ | ||
Add/edit profiling objects | ✓ | |||
Add/edit profiling rules | ✓ | |||
Allow to execute | ✓ | ✓ | ||
Add/edit global variables | ✓ | ✓ | ||
Allow exports | ✓ | ✓ | ||
Allow AI assistant | ✓ | ✓ |
When a user is assigned multiple roles, both their allowed connections and their privileges are unioned across those roles.
User | Roles | Explanation |
|---|---|---|
U1 | R4 | Can only access dashboard and catalog for one specific connection. Basically a reader role for a specific data source. |
U2 | R1, R2 | Can access databases C1, C2 and all functionality, other than editing connections and editing profilings. |
U3 | R2, R4 | Exactly same privileges as just R2 + access to C3 database with these privileges. |
U4 | R1, R2, R3, R4 | Can do everything but access connection editing. |
U5 | R1, R4 | Can execute test cases against C1+C3 database (access privileges are stacked). |