Roles and asset privacy settings for data source definitions
Roles and the asset privacy setting control which actions you can perform on data source definitions and which connections you can see on the Connection assignments tab.
To use data source definitions, confirm that you have the required roles.
Step 1: Confirm that you have a required role for the Platform assets catalog
Each task requires either the Admin or Editor role for the Platform assets catalog. For more information, see Creating the Platform assets catalog.
Step 2: Confirm that you have a required IBM Cloud IAM role
You need one of the following IBM Cloud IAM roles:
- CloudPak Data Source Creator: Create data source definitions and add endpoints from connections to data source definitions for connections that the user has access to.
- CloudPak Data Source Administrator: Create data source definitions and add endpoints from connections to data source definitions for connections that the user has access to. In addition, view the list of connections across the account on the Connection assignments tab.
Follow these steps to confirm that you have one of these IBM Cloud IAM roles:
- From the Cloud Pak for Data as a Service navigation menu, go to Administration > Access (IAM) and log in to IBM Cloud.
- From the IBM Cloud navigation menu, select Roles.
If you do not see the roles CloudPak Data Source Creator or CloudPak Data Source Administrator, you can create a custom role.
- Click Create.
- In the Create a custom role dialog box, enter values for the Name, ID, and optional Description.
- For Service, select Cloud Pak for Data as a Service.
- In the View the actions selection, select either CloudPak Data Source Creator or CloudPak Data Source Administrator.
- Click Add, and then Create.
For more information, see Creating custom user access roles in IBM Cloud IAM.
Step 3: Control access to the private asset after you create the data source definition (optional)
By default, when you create a data source definition, it is a private asset in the Platform assets catalog. To do certain tasks, you must be the owner or editor of the data source definition asset. If you want to change the ownership, add members to the asset, or make the asset public, see Controlling access to an asset in a catalog.
Required roles and asset privacy settings and where you use them
Following are the required roles and asset privacy settings for creating, editing, deactivating, and deleting data source definitions.
Create a data source definition
The following table describes where you create a data source definition and the required roles.
Where you do this task | Platform assets catalog role | IBM Cloud IAM role |
---|---|---|
- Data source definitions tab: New data source definition button. - Connection assignments tab: Select a data source definition, and then click Add to data source definition > Create new. See also Connection assignments tab. | One of the following: - Editor - Admin | One of the following: - CloudPak Data Source Creator - CloudPak Data Source Administrator |
Edit a data source definition
The following table describes where you can edit a data source definition and the required roles and asset privacy setting.
Where you do this task | Platform assets catalog role | IBM Cloud IAM role | Asset privacy setting |
---|---|---|---|
- Data source definitions tab: Click the data source definition name or select Edit from the overflow menu. - Connection assignments tab: Select a data source definition, and then click Add to data source definition > Add to existing. See also Connection assignments tab. | The role depends on the asset privacy setting of the data source definition. | One of the following: - CloudPak Data Source Creator - CloudPak Data Source Administrator | If the data source definition is a private asset (default), you must have the following role and ownership: - Editor or Admin role for the Platform assets catalog - Be the owner or editor of the data source definition asset. If the data source definition has been changed to a public asset, you must have one of the following combinations of role and ownership: - Admin role for the Platform assets catalog. Or: - Editor role for the Platform assets catalog - Be the owner or editor of the data source definition asset |
Deactivate or delete a data source definition
The following table describes where you can deactivate or delete a data source definition and the required roles and asset privacy setting.
Where you do this task | Platform assets catalog role | IBM Cloud IAM role | Asset privacy setting |
---|---|---|---|
Data source definitions tab: Open the overflow menu for the data source definition, and then select Deactivate or Delete. | The role depends on the asset privacy setting of the data source definition. | One of the following: - CloudPak Data Source Creator - CloudPak Data Source Administrator | If the data source definition is a private asset (default), you must have the following role and ownership: - Editor or Admin role for the Platform assets catalog - Be the owner or editor of the data source definition asset. If the data source definition has been changed to a public asset, you must have one of the following combinations of role and ownership: - Admin role for the Platform assets catalog. Or: - Editor role for the Platform assets catalog - Be the owner or editor of the data source definition asset |
View the list of data source definitions on the Data source definitions tab
To view the data source definitions on the Data source definitions tab, you must have the following roles.
Platform assets catalog role | IBM Cloud IAM role |
---|---|
One of the following: - Editor - Admin | One of the following: - CloudPak Data Source Creator - CloudPak Data Source Administrator |
To view an individual data source definition in the Data source definitions list, the data source definition must be a public asset. Or, if the data source definition is a private asset (default), you must be the owner, editor, or viewer of the data source definition asset.
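The role and privacy rules from the tables above, modeled as an added example (not IBM code or an IBM API) that shows which rights a caller gains when a private data source definition is made public. The names Caller, can_create, can_modify, can_view, and newly_allowed_if_public, and the SAMPLE callers, are hypothetical.

```python
# Added illustration: a local model of the role and privacy rules on this page.
# All names here are hypothetical; this is not an IBM Cloud API.
from dataclasses import dataclass
from typing import Optional

CATALOG_ROLES = {"Editor", "Admin"}  # Platform assets catalog roles
IAM_ROLES = {"CloudPak Data Source Creator", "CloudPak Data Source Administrator"}

@dataclass(frozen=True)
class Caller:
    catalog_role: Optional[str]       # role in the Platform assets catalog
    iam_role: Optional[str]           # IBM Cloud IAM role
    asset_role: Optional[str] = None  # owner/editor/viewer of this one asset

def has_base_roles(c: Caller) -> bool:
    # Every task on the page needs one catalog role AND one IAM role.
    return c.catalog_role in CATALOG_ROLES and c.iam_role in IAM_ROLES

def can_create(c: Caller) -> bool:
    return has_base_roles(c)

def can_modify(c: Caller, public: bool = False) -> bool:
    """Edit, deactivate, or delete a data source definition."""
    if not has_base_roles(c):
        return False
    if c.asset_role in {"owner", "editor"}:
        return True
    # Only on a public asset does the catalog Admin role replace asset membership.
    return public and c.catalog_role == "Admin"

def can_view(c: Caller, public: bool = False) -> bool:
    """See an individual definition in the Data source definitions list."""
    return has_base_roles(c) and (public or c.asset_role in {"owner", "editor", "viewer"})

def newly_allowed_if_public(callers: dict) -> dict:
    """For each caller, list the rights gained when a private asset goes public."""
    gained = {}
    for name, c in callers.items():
        rights = [r for r, f in (("view", can_view), ("modify", can_modify))
                  if f(c, True) and not f(c, False)]
        if rights:
            gained[name] = rights
    return gained

SAMPLE = {  # constructed callers, not real accounts
    "catalog_admin": Caller("Admin", "CloudPak Data Source Administrator"),
    "asset_viewer": Caller("Editor", "CloudPak Data Source Creator", "viewer"),
    "asset_owner": Caller("Editor", "CloudPak Data Source Creator", "owner"),
}
```

Running `newly_allowed_if_public(SAMPLE)` before changing an asset's privacy setting lists who would gain view or modify rights from the change.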
View the list of connections on the Connection assignments tab
To view the connections on the Connection assignments tab, you must have the following roles.
Platform assets catalog role | IBM Cloud IAM role |
---|---|
One of the following: - Editor - Admin | One of the following: - CloudPak Data Source Creator - CloudPak Data Source Administrator |
The connections are identified by Connection ID. If you have the CloudPak Data Source Administrator role, you can see the connection names and additional details. Select Additional filters, and then Show only: Connections that you have access to.
These IBM Cloud IAM roles control which connections and connection details you can see on the Connection assignments tab.
View | IBM Cloud IAM role |
---|---|
- View only the connections on the platform in the account that you have access to. - View the additional details such as the connection name and endpoints. | CloudPak Data Source Creator |
View all the connections on the platform in the account, including the connections that you do not have access to. - For connections that you do not have access to, you can view limited metadata, including the assigned data source definition. - For connections that you have access to, you can see the additional details such as the connection name and endpoints. | CloudPak Data Source Administrator |
Learn more
- Creating a data source definition from the Data source definition list
- Connection assignments tab: Adding endpoints to a new or existing data source definition
- Editing, deactivating, activating, or deleting data source definitions