Governance Roles
Governance roles define what a user can do with data assets in ONE. They determine which actions are available (viewing, editing, managing access) based on the type of asset and the user’s responsibilities.
What governance roles are for
Governance roles let you standardize permissions across your organization.
Instead of configuring access for each user individually, you define roles once and assign them to users within groups.
For example:
- A Data Steward can create and edit rules, terms, and catalog items.
- A Data Consumer can view assets but not modify them.
- A Data Owner has full control including managing who else can access their assets.
When a group receives access to an asset (through stewardship or sharing), each member’s governance role determines what they can actually do with it.
How governance roles work with groups
Governance roles are assigned within the context of a group. The same user can have different roles in different groups.
For example, someone might be a Data Owner in "Finance Analytics" but only a Data Consumer in "Marketing Analytics". When they work with finance assets, they have full control; when they work with marketing assets, they can only view them.
Which governance roles to use
Governance roles are typically designed around common data governance responsibilities, such as:
- Data Owner: Defines data quality requirements and has full control over assets, including managing access. Typically assigned to senior business managers responsible for a data domain.
- Data Steward: Works with both technical and business assets. Can create, edit, and manage the lifecycle of assets like rules, terms, and catalog items. Often responsible for day-to-day data quality.
- Data Consumer: Views metadata and assets but cannot edit them. Designed for business or technical users who need to browse and understand data without modifying it.
In addition, you might need:
- Data Administrator: Manages application settings and system configuration. Has broad access to platform administration features.
- Data Operator: Can run operational actions on the platform but cannot modify assets or access data directly.
The roles listed here serve as a starting point and might be available in some preconfigured Ataccama environments. Otherwise, you create and customize governance roles to match your organization’s needs. If existing roles are available in your environment, avoid deleting them as they might be referenced in other configurations.
Governance roles vs. identity provider roles
Modules with preconfigured roles: Reference Data and Data Observability modules use their own preconfigured roles that cannot be customized. For details, see Set Up Access and Governance and Manage Data Observability Permissions.
ONE works with two types of roles:
- Governance roles
- Identity provider roles
Governance roles are defined in ONE and assigned to users within groups (for example, Data Steward, Data Consumer). They control what you can do within the platform.
Identity provider roles are defined and assigned to users in your identity provider. Such roles are synchronized to ONE and control your authentication and basic platform access, that is, which features you can use.
Mapping identity provider roles to governance roles
To simplify administration, you can map identity provider roles to governance roles. This means everyone with a certain identity provider role automatically receives a corresponding governance role within specified groups.
For example, you might map:
- All users with the "analyst" identity provider role → Data Consumer in the Analytics group.
- All users with the "data_team" identity provider role → Data Steward in the Data Governance group.
This reduces manual assignment and ensures consistent permissions as people join or change teams.
For more on identity provider roles, see Identity Provider Roles.
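
The group-scoped resolution described on this page, sketched as an added Python example; it is not Ataccama ONE code or its API. The action names, the data shapes, and the rule that roles from several groups with access to the same asset are combined are assumptions of this sketch.

```python
# Added illustration: a toy model, not Ataccama ONE code or its API.
# Action names and data shapes are assumptions made for this example.
ROLE_ACTIONS = {
    "Data Consumer": {"view"},
    "Data Steward": {"view", "create", "edit"},
    "Data Owner": {"view", "create", "edit", "manage_access"},
}

# Identity provider role -> (governance role, group), as in the mapping examples above.
IDP_MAPPINGS = {
    "analyst": [("Data Consumer", "Analytics")],
    "data_team": [("Data Steward", "Data Governance")],
}


def effective_roles(idp_roles, manual_assignments=()):
    """Return {group: set of governance roles} for one user.

    idp_roles: role names synchronized from the identity provider.
    manual_assignments: (governance role, group) pairs assigned directly.
    """
    by_group = {}
    pairs = list(manual_assignments)
    for idp_role in idp_roles:
        # Unmapped identity provider roles grant no governance role.
        pairs.extend(IDP_MAPPINGS.get(idp_role, []))
    for role, group in pairs:
        if role not in ROLE_ACTIONS:
            raise ValueError(f"unknown governance role: {role!r}")
        by_group.setdefault(group, set()).add(role)
    return by_group


def allowed_actions(idp_roles, asset_groups, manual_assignments=()):
    """Actions a user may take on an asset that the given groups can access.

    Only roles held in a group that has access to the asset count; a role
    held in any other group contributes nothing (default deny).
    """
    roles = effective_roles(idp_roles, manual_assignments)
    actions = set()
    for group in asset_groups:
        for role in roles.get(group, ()):
            actions |= ROLE_ACTIONS[role]
    return actions
```
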
Best practices for governance roles
- Start with 3-4 roles. Most organizations don’t need more than a few well-defined roles. Add complexity only when you have clear requirements.
- Align roles with responsibilities, not job titles. Focus on what people need to do with data, not their position in the organizational chart.
- Keep role definitions consistent across groups. A "Data Steward" should mean the same thing everywhere. If different groups need different permissions, create distinct roles rather than redefining existing ones.
- Review role assignments periodically. As responsibilities shift, ensure users still have appropriate roles. Remove roles users no longer need.