Users and Roles
To add additional flavor to your testing activities, you can now leverage any of the preconfigured users to showcase Protegrity’s Role-Based Access Controls. Using a diffierent user will result in distinct views over sensitive data. Some users will only be able to protect data but will not be able to reverse the operation. Some users will only be able to re-identify selected attributes.
To use any of the roles, simply pass your chosen value to the payload in the user attribute during the protect or unprotect operation. If the user is not specified, the request will default to superuser.
Available Roles
The following roles and users have been configured and are available for use:
ADMIN:
admin or devops or jay.banerjee The role can protect all data but cannot unprotect. Upon an unprotection attempt they will be displayed protected values.
FINANCE:
finance or robin.goodwill The role can unprotect all PII and PCI data. The role cannot protect any data. When attempting to unprotect data without authorization, they will be displayed nulls.
MARKETING:
marketing or merlin.ishida The role can unprotect some PII data that is required for analytical research and campaign outreach. When attempting to unprotect data without authorization, they will be displayed nulls. The role cannot protect any data.
HR:
hr or paloma.torres The role can unprotect all PII data but cannot view any PCI data. When attempting to unprotect data without authorization, they will be displayed nulls. The role cannot protect any data.
OTHER:
superuser The role can perform any protect and unprotect operation. The role has been made available for testing only – we strongly advise against creating superuser roles in your environments.
Additionally, you may type in any user name to simulate unauthorized user behavior.
Last modified February 24, 2025