The role details page displays information about a role, including the asset and feature privileges that are associated with the role. For system-defined roles, you can view the role information and privileges. For custom roles, you can view and change the role information and the assigned asset and feature privileges.
To display the role details page, in Administrator, select User Roles, and then click the role name.
The following image shows the role details page:
Each role has the following properties:
Role name
Name of the role. For custom roles, you can change the role name.
Description
Role description. For custom roles, you can change the role description.
Services
Name of the service for which privileges are enabled or disabled. Select a service to view the asset and feature privileges that are associated with the service.
If the license for a service expires, the service is marked as disabled. You can view the asset and feature privileges that are associated with a disabled service.
Assets
Asset privileges for the selected service. Asset privileges control access to different types of assets. For example, users with the Service Consumer role can view and run mappings in Data Integration, but they cannot create, update, delete, or set permissions on mappings.
The following table describes the asset privileges:
Privilege
Description
Create
Create assets of the selected type. For Secure Agents, this privilege allows users to download and install the Secure Agent.
Requires the Read and Update privileges, which are automatically granted.
Read
Open assets of the selected type. For tasks, this privilege also allows users to use a connection or schedule in the task.
Update
Edit assets of the selected type.
Requires the Read privilege, which is automatically granted.
Delete
Delete assets of the selected type.
Run
Run assets of the selected type.
For the Data Integration service, users can run mappings, tasks, or taskflows. Users can also monitor, stop, and restart instances of the mapping, task, or taskflow.
For the Hub Integration service, users can run publications or subscriptions.
Set permission
Configure permissions for assets of the selected type. For example, if you grant this privilege for projects, users with the role can select a project and enable other users and groups to read, update, delete, or change permissions for the selected project.
To configure this privilege, your organization must have the appropriate license.
If a privilege does not apply to an asset type, the privilege is disabled. For example, the run privilege is disabled for folders.
For custom roles, you can enable and disable the asset privileges for a service as long as the service is not disabled.
Features
Feature privileges for the selected service. Feature privileges are general privileges that control the ability to use the features of a service. For example, users with the Designer role have the ability to perform data catalog discovery in Data Integration but not to preview data.
For custom roles, you can enable and disable feature privileges for a service as long as the service is not disabled.
Application Integration feature privileges
Use Application Integration feature privileges to create custom roles.
Important: You must assign the Folder and Project asset privileges to the user's role. To do this, select the Data Integration service and then select the CRUD options for the folder and project assets.
You can enable the following Application Integration feature privileges when you create a custom role:
Administration
Assign the Administration privilege to a role when you want the user to have complete design-time and run-time administrative access to the Application Integration and Application Integration Console.
Users with the Administration privilege can perform the following tasks:
- View, create, update, and delete all Application Integration assets.
- Manage and invoke services.
- Stop running processes.
- View instances and logs for deployed process.
- Deploy Process Developer BPR files to the Application Integration Console.
- Manage deployed catalogs.
- View WSDL files deployed across multiple systems.
- View Process Server metrics.
Note: The Application Integration Administration privilege does not give the user Informatica Intelligent Cloud Services-wide administrator privileges. For example, a user with the only the Application Integration Administration privilege will be unable to create sub-organizations.
Console Administration
Assign the Console Administration privilege to a role when you want the user to have near-complete access to the Application Integration Console.
Users with the Console Administration privilege can perform the following tasks:
- View instances for deployed process.
- Stop running processes.
- View deployed Process Developer BPRs and catalogs.
- View WSDL files deployed across multiple systems.
- View Process Server metrics.
Users with the Console Administration privilege cannot delploy BPR files.
Data Viewer
Assign the Data Viewer privilege to a user who needs to access detailed logs in the Application Integration Console.
For example, you could assign this privilege to a someone who needs to see all logs across the organization. You would not normally assign this role to a developer.
Note: The process logging level must be set to verbose to get detailed logs.
Development
Assign the Development privilege to developers who will occasionally need to debug processes.
Users with the Development privilege can perform the following tasks:
- View, create, update, and delete all Application Integration assets.
- Invoke services.
- View the Detailed Process Instance page on the Application Integration Console.
- Manage processes instances.
Monitoring
Assign the Monitoring privilege to a user who needs to view all parts of the Application Integration Console except for detailed logs.
Publish Application Integration Assets
Assign the Publish Application Integration Assets privilege to a user that needs to be able to publish Application Integration processes, guides, connections, or service connectors.
View Application Integration Console
Assign the View Application Integration Console privilege to a user who needs access to the Application Integration Console service. You must assign this privilege to any role that has privileges that include working on the Application Integration Console.
For example, you need to assign this privilege along with the Development privilege.
View Application Integration Designer
Assign the View Application Integration Designer privilege to a user who needs access to the Application Integration service. You must assign this privilege to any role that has privileges that include working on the Application Integration Console.
For example, you need to assign this privilege along with the Publish Application Integration Assets privilege.
Data Quality feature privileges
Use Data Quality feature privileges to grant users access to the preview functionality in data quality assets. You can enable the feature privileges when you create a custom role.
You can enable the following feature privileges for Data Quality:
Data Preview - Dictionaries
Enable the Data Preview - Dictionaries privilege on a role to enable a user to view the contents of a dictionary in the following cases:
- The user opens the dictionary from the Explore page.
- The user selects the dictionary in a Data Quality asset.
Data Preview - Test Panel
Enable the Data Preview - Test panel privilege on a role to enable a user to view data in the Test panel in a Data Quality asset.
The Data Quality feature privileges are enabled by default on the Administrator and Designer roles.
Note: The Data Preview - Dictionaries feature privilege and the Read privilege for dictionary assets work independently of each other. The Read privilege allows you to open the dictionary from the Explore page. The Data Preview - Dictionaries privilege allows you to view the dictionary data.
If you open a dictionary without the Data Preview - Dictionaries privilege, Data Quality displays a message to notify you that you do not have sufficient permissions to view the data.
