Permissions determine the access rights that a user has for a Secure Agent, Secure Agent group, connection, schedule, or asset. Permissions add additional or custom security for an object. Permissions define which users and groups can read, update, delete, execute, and change permissions on the object.
To configure permissions on an object, you need the following licenses and privileges:
• To configure permissions at the project level for all assets in a project, your organization must have the Set/Unset Security Permissions at Project Level license.
• To configure permissions at the folder level for all assets in a folder, your organization must have the Set/Unset Security Permissions at Folder Level license.
• To configure permissions on individual assets, your organization must have the Fine Grained Security license.
• The role assigned to your user account or to a group in which you are a member must have the Set Permission privilege for the object type. For example, to configure permissions on a Secure Agent, you must be assigned a role that has the Set Permission privilege for Secure Agents.
To configure permissions on an object, navigate to the object and set the appropriate permissions. For example, you want only users in the Development Team user group to have access to assets in the Development Data folder. Navigate to the folder, edit the permissions, and grant the Development Team user group permissions on the folder.
Permissions apply to the objects that you configure but not to copies of the object. Therefore, when you copy or export an asset, the permissions are not copied or exported with the asset. For example, you export a mapping task in which only user rjones has execute permission. When you import the mapping task, the imported mapping has no permissions assigned to it. Therefore, any user with privileges to run mapping tasks can run the imported task.
You can configure the following permissions on an object:
| Permission | Description |
|---|---|
| Read | Open and view the object. If the object is source controlled, this permission allows the user or group to pull or check out the object from the source control repository. You must have the read permission to access the integration hub connection to perform any operations. If you select a task, this permission also allows the user or group to use a connection or schedule in the task. |
| Update | Edit the object. If the object is source controlled, this permission allows the user or group to check in, check out, pull, unlink, or roll back the object. Requires read permission, which is automatically granted. |
| Delete | Delete the object. |
| Execute | Run the object. Applies to mappings, tasks, taskflows, and Cloud Integration Hub assets. Monitor, stop, and restart instances of the mapping, task, or taskflow. |
| Change permissions | Change the permissions that are assigned to the object. |
Note: These permissions control permissions within Informatica Intelligent Cloud Services. They do not control operating system permissions, such as the ability to start, stop, or configure the Secure Agent on Windows or Linux.
Rules and guidelines for permissions
Use the following rules and guidelines for permissions:
• When you configure permissions on an object, verify that the user or group to which you grant permissions is assigned a role with the appropriate privileges for the object type. For example, if you grant a user with the Service Consumer role Update privilege on a particular folder, the user cannot update the folder because the Service Consumer role does not have update privileges for folders.
• To edit an asset, the user must have read permission on all assets used within the asset. For example, when you assign a user Read and Update permissions on a synchronization task, verify that the user also has Read permission on the connections, mapplets, schedules, and saved queries that are used in the task.
• To run a subscription or a publication that executes a mapping task, the user must have the Update privilege for the project and folder that contains the mapping task.
• When a user edits a task, assets without Read permission are not displayed. To avoid unexpected results, the user should cancel all changes and avoid editing the task until the user is granted the appropriate Read permissions.
• When configuring a taskflow, a user needs Execute permission on all tasks to be added to the taskflow.
• To edit a taskflow, a user needs Execute permission on all tasks in the taskflow. Without Execute permission on all tasks, the user cannot save changes to the taskflow.
• To run a taskflow, a user needs Read and Execute permissions on taskflows.
• To monitor jobs or to stop a running job, a user needs Execute permission on the mapping, task, or taskflow.
• If you assign custom permissions to a Data Integration task and invoke the Data Integration task through an Application Integration process or a guide, you must complete either of the following tasks:
- Give the Application Integration anonymous user permission to run the associated Data Integration asset.
- Add the Application Integration anonymous user to a user group that has permission to run the associated Data Integration asset.
Configuring permissions
You can configure permissions on an object if you are assigned a role with the Set Permission privilege for the object type. For example, to configure permissions on a folder, you must be assigned a role that has the Set Permission privilege for folders.
1. Navigate to the object for which you want to configure permissions.
   For example:
   - To configure permissions on a Secure Agent or Secure Agent group, in Administrator, select Runtime Environments.
   - To configure permissions on a connection, in Administrator, select Connections.
   - To configure permissions on a mapping, in Data Integration, open the project and folder that contain the mapping.
2. In the row that contains the object, either click Actions and select Permissions, or click the Change Permission icon.
   The Permissions dialog box lists the users and groups that have permissions on the object.
   If the Permissions dialog box lists no users or groups, then no permissions are configured for the object. Any user with appropriate privileges for the object type can access the object.
   The following image shows the Permissions dialog box for a mapping:
3. To configure user permissions on the object:
   a. Select Users.
   b. If the user does not appear in the Users list, click Add, and select a user.
   c. Enable or disable the appropriate permissions on the user.
   Note: When you grant any user permissions on the object, Informatica Intelligent Cloud Services also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
4. To configure user group permissions on the object:
   a. Select Groups.
   b. If the group does not appear in the Groups list, click Add, and select a group.
   c. Enable or disable the appropriate permissions on the group.
   Note: When you grant any group permissions on the object, Informatica Intelligent Cloud Services also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
5. To remove all permissions restrictions for the object, remove all users and groups from the Permissions dialog box.
   When you remove all users and groups, any user with appropriate privileges for the object type can access the object.
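The following Python sketch is an added example, not Informatica code or an Informatica API. It models how the rules on this page combine: a role privilege is always required, an empty permission list leaves the object open to every privileged user, and an imported copy starts with no permissions. The role table, the task_runner role, the asset names, and the user asmith are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed role table (not Informatica's real role definitions).
# Only the page's statement that Service Consumer cannot update folders is modeled.
ROLE_PRIVILEGES = {
    "task_runner": {("read", "folder"), ("update", "folder"),
                    ("read", "mapping task"), ("execute", "mapping task")},
    "Service Consumer": set(),
}

@dataclass
class User:
    name: str
    role: str
    groups: frozenset = frozenset()

@dataclass
class Asset:
    name: str
    obj_type: str
    acl: dict = field(default_factory=dict)  # user or group -> set of permissions

def grant(asset, principal, *perms):
    granted = set(perms)
    if "update" in granted:
        granted.add("read")  # Update requires Read, which is granted automatically
    asset.acl.setdefault(principal, set()).update(granted)

def is_allowed(user, action, asset):
    # 1. The user's role must hold the privilege for this object type.
    if (action, asset.obj_type) not in ROLE_PRIVILEGES.get(user.role, set()):
        return False
    # 2. No users or groups listed: the privilege alone decides.
    if not asset.acl:
        return True
    # 3. Otherwise the user or one of the user's groups must hold the permission.
    return any(action in asset.acl.get(p, ()) for p in {user.name, *user.groups})

def import_copy(asset, new_name):
    # Permissions are not copied or exported with the asset.
    return Asset(new_name, asset.obj_type)

def unrestricted(assets):
    # Audit helper: names of objects whose permission list is empty.
    return [a.name for a in assets if not a.acl]

if __name__ == "__main__":
    task = Asset("mt_orders", "mapping task")   # constructed sample asset
    grant(task, "rjones", "execute")
    imported = import_copy(task, "mt_orders_imported")
    other = User("asmith", "task_runner")       # constructed sample user
    print(is_allowed(other, "execute", task), is_allowed(other, "execute", imported))
    print(unrestricted([task, imported]))
```

Running unrestricted() over an inventory after each import or copy gives the list of objects whose permissions need to be reapplied.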