- Admin
- Data protection admin
Permissions matrix
| Action | Admin | Data protection admin | Orka user |
|---|---|---|---|
| Manage admin group | ✓ | ✗ | ✗ |
| Manage data protection admin group | ✓ | ✓ | ✗ |
| Manage own sources and destinations | ✓ | ✓ | ✓ |
| Manage data protection rules | ✗ | ✓ | ✗ |
| Test data protection rules | ✓ | ✓ | ✓ |
| Manage own pipelines | ✓ | ✓ | ✓ |
Manage means full access (adding, editing and deleting) specified objects.
Our recommendations
- Separate security from general admin - keep data protection administration separate from infrastructure administration
- Assign groups based on role - admin group: people with infrastructure and DevOps knowledge. Data protection admin group: people with data governance and compliance expertise
- Have multiple data protection admins - prevent bottlenecks in data protection rule changes by assigning multiple people