Delegated Administration

TrustLogix offers a role-based delegation model for administering data security and governance operations across data sources, domains, and compliance features. The roles are designed to support operational separation of duties and ease of administration.

Super User

  • Scope: Global and full access across all TrustLogix functionalities.

  • Responsibilities:

    • Manage all data sources and configurations.

    • Create and manage users and assign roles. Has access to all modules, including DSPM, access governance, tagging, data risks, monitoring, and reporting.

    • Create domains and products, and assign data assets to them.

  • UI Access: Full UI access.

Data Source Administrator

  • Scope: Admin rights restricted to specific data sources.

  • Responsibilities:

    • Manage configurations for the assigned data source(s).

    • Assign policy administrators and manage related policies.

    • Perform data classification, sensitive data tagging, access tracking, and alert configuration for the assigned data sources.

    • Manage the users assigned to a data source, such as updating their domain or database assignments.

    • Create domains and products, and assign data assets to them.

  • UI Access: Full access is limited to their assigned data sources.

Compliance Manager

  • Scope: DSPM (Data Security Posture Management) functionalities across the environment.

  • Responsibilities:

    • View and analyze data sprawl reports, access patterns, and sensitive data movement.

    • Monitor alerts and policy violations.

    • Generate compliance and risk reports.

  • UI Access: Read/write access to DSPM dashboards and reports.

Policy Administrator

  • Scope: Limited by Data Source or Domain assignment.

  • Responsibilities:

    • Create and manage access control policies (RBAC, ABAC, masking).

    • When assigned:

      • Data Source Level: Policies can be created and applied only to that data source using database-level templates.

      • Domain Level: Can manage policies using domain-level templates, and only for assets defined within that domain.

        • Can manage products and their assets

  • Restrictions:

    • Cannot use system-wide templates.

    • UI visibility and functionality are limited to their scope.

    • Policy administrators with domain assignments will:

      • Only see policies mapped to their domain.

      • Only use domain-specific templates.

    • Policy administrators with database assignments will:

      • Only see policies mapped to their assigned databases.

      • Only use database-specific templates.

  • UI Access: Yes, based on assigned scope.

User Attribute Administrator

  • Scope: User attribute configuration for the assigned data sources.

  • Responsibilities:

    • Define and manage user attributes for the assigned data sources used in ABAC policies.

    • Maintain allowed values and hierarchical mappings for user entitlements.

  • UI Access: Yes, limited to attribute management panels.

Attribute Value Manager

  • Scope: User attribute value configuration for the assigned data sources.

  • Responsibilities:

    • Maintain allowed values and hierarchical mappings for user entitlements for the assigned data source.

  • UI Access: Yes, limited to attribute value management panels.

Policy Reader

  • Scope: Read-only access to the assigned data sources.

  • Responsibilities:

    • View configurations, policies, reports, and dashboards.

    • No create, edit, or delete permissions.

  • UI Access: Read-only access.

Policy Promoter

  • Scope: Integration-focused automation.

  • Responsibilities:

    • Promote and push policies using TrustLogix APIs.

    • Does not interact with the UI.

    • Commonly used in CI/CD pipelines or external integrations.

  • UI Access: No UI access.

Permissions Matrix

| Role | Create Domain | Manage Products | Define Policies | Use Templates | Manage Attributes | Manage DSPM |
|---|---|---|---|---|---|---|
| Super User | Yes | Yes | Yes | Yes (All templates) | Yes (All attributes) | Yes |
| Data Source Administrator | Yes | Yes | Yes | Yes (All templates) | Yes (All attributes) | Yes |
| Policy Administrator (Domain Level) | No | Yes (Assigned Domain only) | Yes (On Data Products from Assigned Domains only) | Yes (Domain-level Templates only) | No | No |
| Policy Administrator (Database Level) | No | No | Yes (On Assets which are under assigned databases only) | Yes (Database level templates only) | No | No |
| User Attribute Manager (Domain Level) | No | No | No | No | Yes (ALL or On Data Products from Assigned Domains only) | No |
| User Attribute Manager (Database Level) | No | No | No | No | Yes (Restricted to Non Data Products attributes) | No |
| Policy Reader (Domain Level) | No (Read only access) | No (Read only access) | No (Read only access) | No | No (Read only access) | No |
| Policy Reader (Database Level) | No | No | No (Read only access) | No | No (Read only access) | No |
| Compliance Manager | No | No | No | No | No | Yes |
