Privilege | Description |
|---|---|
Create | Create assets of the selected type. For Secure Agents, this privilege allows users to download and install the Secure Agent. Automatically grants the Read and Update privileges. |
Read | Open assets of the selected type. For tasks, this privilege also allows users to use a connection or schedule in the task. |
Update | Edit assets of the selected type. Automatically grants the Read privilege. |
Delete | Delete assets of the selected type. |
Run | Run assets of the selected type. For the Data Integration service, users can run mappings, tasks, or taskflows. Users can also monitor, stop, and restart instances of the mapping, task, or taskflow. For the Cloud Integration Hub service, users can run publications or subscriptions. |
Set permission | Configure permissions for assets of the selected type. For example, if you grant this privilege for projects, users with the role can select a project and enable other users and groups to read, update, delete, or change permissions for the selected project. To configure this privilege, your organization must have the appropriate license. |
Asset privilege | Description |
|---|---|
Connection | Allows users to create, read, update, delete, or set permissions on connections. |
Elastic Configuration | Allows users to create, read, update, delete, or run advanced configurations. |
Folder | Allows users to create, read, update, delete, or set permissions on project folders. |
Group | Allows users to create, read, update, or delete user groups. |
OAuth Client | Allows users to create, read, update, or delete OAuth 2.0 clients. For more information about creating and managing OAuth 2.0 clients, see the help for API Center. |
Organization | Allows users to read and update organization information. |
Privilege | Allows users to view the asset and feature privileges associated with each role. |
Project | Allows users to create, read, update, delete, or set permissions on projects. |
Role | Allows users to view users' roles and the User Roles page in Administrator. |
Schedule | Allows users to create, read, update, delete, or set permissions on project schedules. |
Scheduler Blackout | Allows users to create, read, update, or delete schedule blackout periods. |
Scheduler Job | Allows users to run assets on a schedule, view schedule information for assets, update the schedule for an asset, or delete a schedule from an asset. |
Secure Agent | Allows users to create, read, update, delete, or set permissions on Secure Agents. |
Secure Agent Group | Allows users to create, read, update, delete, or set permissions on Secure Agent groups. |
User | Allows users to create, read, update, and delete user accounts. |
Feature privilege | Description |
|---|---|
AdditionalOrg creation privilege | Allows users to create additional production and sandbox organizations when the AdditionalOrg view privilege is also granted. |
AdditionalOrg view privilege | Allows users to view additional production and sandbox organizations from the production organization. This privilege is required to create additional production and sandbox organizations. |
Asset - check in/out | Allows users to check in and check out assets from the source control repository. |
Asset - export | Allows users to export assets from the organization. |
Asset - import | Allows users to import assets into the organization. |
Asset - pull version | Allows users to pull assets from the source control repository. |
Asset - Source Control Logs | Allows users to view the source control logs. |
Audit Log - view | Allows users to view the audit log. |
Bundle - create | Allows users to create bundles when the "Bundle - view" privilege is also granted. |
Bundle - delete | Allows users to delete bundles when the "Bundle - view" privilege is also granted. |
Bundle - install | Allows users to install bundles so that they are available to your organization when the "Bundle - view" privilege is also granted. |
Bundle - publish | Allows users to publish bundles when the "Bundle - view" privilege is also granted. |
Bundle - update | Allows users to update bundles when the "Bundle - view" privilege is also granted. |
Bundle - view | Allows users to view bundles. This privilege is required to create, delete, install, publish, and update bundles. |
Configure Custom Repository Source Control | Allows users to configure a project-specific repository URL and branch name for project-level source control repositories when the Configure Source Control privilege is also granted. |
Configure Source Control | Allows users to configure source control to enable version management for projects, folders, and assets. |
Connectors - view | Allows users to view the connectors available to their organization and to view the Add-On Connectors page in Administrator. |
Force Undo Checkout | Allows users to undo the checkout of an object that has been checked out by another user. |
KMS View managed Key | Allows users to view the Customer Managed Keys area on the Security tab of the Settings page. |
Manage Billing | Allows users of Data Integration-PayGo to manage their payment information. For more information about Data Integration-Free and PayGo, see "Introducing Informatica Cloud Data Integration-Free and PayGo." |
Manage key rotation settings | Allows customers to manage key rotation for their organization through the platform REST API version 3 key resource. For more information about the v3 key resource, see REST API Reference. |
ratecard.view | Allows users to view the current rate card for their organization on the Metering page. |
SMS Manage Connection | Allows users to enable and disable the use of a secrets manager for the organization and to configure and update the secrets manager settings. |
SMS View Connection | Allows users to view the Secret Vault area on the Security tab of the Settings page. |
Suborg - create | Allows users to create sub-organizations when the "Suborgs - view" privilege is also granted. |
Suborg - delete | Allows users to delete sub-organizations when the "Suborgs - view" privilege is also granted. |
Suborg - update | Allows users to edit sub-organization settings when the "Suborgs - view" privilege is also granted. |
Suborgs - link | Allows users to link sub-organizations when the "Suborgs - view" privilege is also granted. |
Suborgs - manage licenses | Allows users to manage licenses for the organization's sub-organizations when the "Suborgs - view" privilege is also granted. |
Suborgs - unlink | Allows users to unlink sub-organizations from the parent organization when the "Suborgs - view" privilege is also granted. |
Suborgs - view | Allows users to view sub-organizations and switch into sub-organizations from the parent organization. This privilege is required to create, delete, update, link, manage the licenses of, and unlink sub-organizations. |
Upgrade SDI | Allows users to upgrade Data Integration-Free organizations to PayGo organizations. For more information about Data Integration-Free and PayGo, see "Introducing Informatica Cloud Data Integration-Free and PayGo." |
Feature privilege | Description |
|---|---|
Administration | Gives users complete design-time and run-time administrative access to the Application Integration and Application Integration Console. Allows users to perform the following tasks:
Note: This privilege doesn't give users organization administration privileges. For example, a user with the only the Application Integration Administration privilege can't create sub-organizations. |
Console Administration | Gives users near-complete access to the Application Integration Console. Allows users to perform the following tasks:
This privilege doesn't allow users to deploy BPR files. |
Data Viewer | Gives users access to detailed logs in the Application Integration Console. For example, you might assign this privilege to a someone who needs to see all logs across the organization. You would not normally assign this role to a developer. Note: The process logging level must be set to verbose to get detailed logs. |
Development | Gives users the ability to debug processes. Allows users to perform the following tasks:
|
Monitoring | Gives users the ability to view all parts of the Application Integration Console except for detailed logs. Allows users to perform the following tasks:
|
Publish Application Integration Assets | Gives users the ability to publish Application Integration processes, guides, connections, and service connectors. |
View Application Integration Console | Gives users access to the Application Integration Console. You must assign this privilege to any role that has privileges that include working on the Application Integration Console. For example, assign this privilege with the Development privilege. |
View Application Integration Designer | Gives users access to Application Integration. You must assign this privilege to any role that has privileges that include working on the Application Integration Console. For example, assign this privilege with the Publish Application Integration Assets privilege. |
Feature | Description |
|---|---|
Access Data Access Management | Allows users to see Data Access Management on the My Services page. |
Approve data access policies | Allows users to read the following assets:
Allows users to read, approve, and decline policy tasks. |
Curate data access policies | Allows users to create, read, edit, and delete the following assets:
Allows users to read and edit data classes. Allows users to view audit events and terms. |
Execute data access policies | Allows a user to run a mapping that includes a data access policy in Data Integration. |
View data access policies | Allows users to read the following assets:
|
Manage system settings | Allows users to change access control policy behavior, configure the data proxy, and view audit events. |
Feature | Description |
|---|---|
Access Data Governance and Catalog application | Enable this feature to grant access to Data Governance and Catalog. If disabled, you cannot access Data Governance and Catalog to perform any governance tasks. |
Curate Automatic Glossary Associations | Give users the ability to curate Glossary terms that appear as intelligent suggestions in Data Governance and Catalog. |
Curate Data Classifications | Give users the ability to curate data classifications that appear as intelligent suggestions in Data Governance and Catalog. |
Export | Give users the ability to export assets from Data Governance and Catalog in the Microsoft Excel format. |
Import | Give users the ability to download predefined templates and import business assets into Data Governance and Catalog. If you enable this privilege, you must additionally grant users the following asset privileges to import assets:
|
Participate in Change Approvals | Allow users the following privileges:
The role for which you grant this privilege appears in the Role in Metadata Command Center when a user creates or modifies a workflow task. |
Stakeholdership | Allow users the following privileges in Data Governance and Catalog:
|
Super Admin | Allows users access to unique administrator capabilities beyond the Governance Administrator role. |
View Business Assets | Give users the ability to view business assets in Data Governance and Catalog. |
View Data Classifications | Give users the ability to view data classification for technical assets in Data Governance and Catalog. |
View Profiled Stats | Give users the ability to view profiling statistics for technical assets in Data Governance and Catalog. |
View Sensitive Data | Give users the ability to view asset details that are classified as sensitive in Data Governance and Catalog. |
View Technical Assets | Give users the ability to view technical assets in Data Governance and Catalog. |
View Unpublished Content | Give users the ability to view assets that are in the unpublished state during an approval workflow process in Data Governance and Catalog. |
Feature | Description |
|---|---|
Access Data Marketplace application | Display Data Marketplace in the Informatica Intelligent Cloud Services My Services page. |
Approve data collection order | Approve a Data User's request to gain access to a Data Marketplace. |
Bulk import data categories | Create multiple new categories at once in Data Marketplace. |
Bulk import data collections | Create multiple new data collections at once in Data Marketplace. |
Curate consumer access | Curate consumer accesses in Data Marketplace. |
Curate data categories | Curate categories in Data Marketplace. |
Curate data collections | Curate data collections in Data Marketplace. |
Curate delivery targets | Curate the delivery targets of a data collection. |
Curate delivery templates | Curate the delivery templates in Data Marketplace. |
Fulfill data collection order | Grant data collection access to a Data User that ordered the data collection. |
Manage application options | Configure the various settings of Data Marketplace. |
Order data collection | Request access to a data collection. |
View data categories | View categories in Data Marketplace. |
View data collections | View data collections in Data Marketplace. |
Asset privilege | Description |
|---|---|
API Collection | Allows users to create, read, update, delete, run, and set permissions on API collections. |
Azure Data Sync Task | Allows users to create, read, update, delete, run, and set permissions on Azure data sync tasks. Azure data sync tasks are used in Data Accelerator for Azure. |
Business Service Definition | Allows users to create, read, update, delete, and set permissions on business services. |
Data Loader Task | Allows users to create, read, update, delete, run, and set permissions on data loader tasks. |
Data Masking Task | Allows users to create, read, update, delete, run, and set permissions on data masking tasks. |
Data Transfer Task | Allows users to create, read, update, delete, run, and set permissions on data transfer tasks. |
Dynamic Mapping Task | Allows users to create, read, update, delete, run, and set permissions on dynamic mapping tasks. |
File Listener | Allows users to create, read, update, delete, run, and set permissions on file listeners. |
Fixed-Width File Format | Allows users to create, read, update, delete, run, and set permissions on fixed-width file formats. |
Hierarchical Schema | Allows users to create, read, update, delete, run, and set permissions on hierarchical schemas. |
Industry Data Services | Allows users to create, read, update, delete, run, and set permissions on industry data service customizers. |
Intelligent Structure Task | Allows users to create, read, update, delete, run, and set permissions on intelligent structure models. |
Linear Taskflow | Allows users to create, read, update, delete, run, and set permissions on linear taskflows. |
Mapping | Allows users to create, read, update, delete, run, and set permissions on mappings. To run a mapping, users must have Run permission on both mappings and mapping tasks. |
Mapping Task | Allows users to create, read, update, delete, run, and set permissions on mapping tasks. To run a mapping task, users must have Run permission on both mappings and mapping tasks. |
Mapplet | Allows users to create, read, update, delete, run, and set permissions on mapplets. |
PowerCenter task | Allows users to create, read, update, delete, run, and set permissions on PowerCenter tasks. |
Replication Task | Allows users to create, read, update, delete, run, and set permissions on replication tasks. |
Saved Query | Allows users to create, read, update, delete, run, and set permissions on saved queries. |
Sequence Generator | Allows users to create, read, update, delete, and set permissions on shared sequences. |
Swagger | Allows users to create, read, update, and delete Swagger files. |
Synchronization Task | Allows users to create, read, update, delete, run, and set permissions on synchronization tasks. |
Taskflow | Allows users to create, read, update, delete, run, and set permissions on taskflows. |
User-Defined Function | Allows users to create, read, update, delete, run, and set permissions on user-defined functions. |
Visio Template | Allows users to create, read, update, delete, run, and set permissions on Visio templates. |
Feature privilege | Description |
|---|---|
Access CDI error logs | Allows users to preview error rows files from the All Jobs, Running Jobs, and My Jobs pages, and from the job details. |
Data - preview | Allows users to preview data in mappings and when they run SQL ELT optimization data preview jobs. |
EDC for IICS Discovery | Allows users to use data catalog discovery to find objects from Enterprise Data Catalog and use them in mappings and some types of tasks. Note: Before users can perform data catalog discovery, you must configure the Enterprise Data Catalog integration properties on the Organization page. |
Privilege | Description |
|---|---|
Data Profiling | Create, read, update, delete, run, and set permissions for a data profiling task. |
Data Profiling - Compare Columns | Compare columns in a profile run. |
Data Profiling - Compare Data Profiling Runs | Compare multiple profile runs. |
Data Profiling - Data Profiling Results - View |
|
Data Profiling - Drill down | View and select the drill-down option when you create a data profiling task. |
Data Profiling - Export Data Profiling Results | Export the profiling results to a Microsoft Excel file. |
Data Profiling - Manage Rules | Add or delete rules for a data profiling task. |
Data Profiling - Query - Create | Create a query. |
Data Profiling - Query - Submit | Run a query and view query results. |
Data Integration - Data Preview | View source object data in the Data Preview area. |
Data Profiling Sensitive Data - view | Hide sensitive information for a particular user role. When the Sensitive Data - view privilege is configured, you cannot view the minimum value, maximum value, and most frequent values information in the compare column tab. |
Data Profiling Disable Data Value Storage | Does not store minimum, maximum, and most frequent values in the profiling warehouse. When you configure the Disable Data Value Storage feature, the sensitive information is not stored in the profile results and the source system. The values are not stored even if you have permissions to view the sensitive data, or if you configure a profiling task with the Maximum Number of Value Frequency Pairs option. By default, this feature is disabled. When the feature is disabled, the values are stored as expected. |
Features | Custom role | Administrator or Designer | Result |
|---|---|---|---|
Disable Data Value Storage | Inactive | Active | Sensitive information is not stored. |
Active | Inactive | Sensitive information is not stored. | |
Sensitive Data- view | Inactive | Active | Sensitive information is displayed. |
Active | Inactive | Sensitive information is displayed. |
Feature privilege | Description |
|---|---|
Data Preview - Dictionaries | Allows users to view the contents of a dictionary in the following cases:
|
Data Preview - Test Panel | Allows users to view data in the Test panel in a Data Quality asset. Note: To run a test in a Data Quality asset, your role must also have the Run privilege for mappings in Data Integration. |
Exceptions Data - Delete | Enables users to delete the exception data associated with an exception management job from the exception data store. Find the exception management job on the My Jobs page in Data Quality, Data Profiling, or Data Integration. |
Exceptions Data - View | Enables users to download the exception records that an exception management job identifies. Find the exception management job on the My Jobs page in Data Quality, Data Profiling, or Data Integration. |
Asset privilege | Description |
|---|---|
Read | Allows users to view registered domains and domain details. |
Create | Allows users to perform the following tasks:
Create includes the Read and Update privileges. |
Update | Allows users to perform the following tasks:
Update includes the Read privilege. |
Delete | Allows users to perform the following tasks:
Delete includes the Read privilege. |
Domain Registration feature privilege | Description |
|---|---|
Domain Update | Allows users to update a domain. |
Asset privilege | Description |
|---|---|
Human Task Assets | Allows users to perform the following actions:
|
Feature privilege | Description |
|---|---|
Development | Allows users to create and edit human task assets and use Human Task steps in Application Integration processes. |
View Human Task Application | Allows users to view and access the Human Task service. |
View Tasks | Allows users to access the Human Task Inbox in the Human Task service. |
Service | Asset type | Asset privileges |
|---|---|---|
Mass Ingestion | Database Ingestion Task | Create, Read, Update |
Administrator | Connection | Read |
Administrator | Secure Agent Group | Read |
Service | Feature privileges |
|---|---|
Administrator | Connectors - view |
Feature | Description |
|---|---|
Access Metadata Command Center application | Grants access to Metadata Command Center. If disabled, users can't access Metadata Command Center. |
Asset Page Customization | Allows users to modify the layout of pages and preview panes of assets. Allow users to assign default layouts to other users based on their roles, user groups, or to all users in the organization. |
Manage Access Control | Allows users to assign asset privileges and feature privileges to other users. |
Manage IDMC Metadata Settings | Allows users to synchronize metadata from Data Integration tasks into the catalog. |
Manage Connection Assignments | Allows users to assign or unassign connections to one or more catalog sources in Metadata Command Center. |
Manage Custom Attributes | Allows users to manage asset relationships, predefined attributes, and custom attributes for asset types that appear in Data Governance and Catalog. |
Manage Data Classifications | Allows users to create and manage data classification inclusion rules in Metadata Command Center. |
Manage Reference Data | Allows users to import and publish lookup tables that you can use in data classification in Metadata Command Center. |
Manage System Settings | Allows users to modify system settings in Metadata Command Center. |
Manage Upgrade | Allows users to initiate upgrades to the latest version of Data Governance and Catalog. |
Manage Workflow Settings | Allows users to create or modify workflows in Metadata Command Center. |
Monitor Jobs | Allows users to monitor jobs in Metadata Command Center. |
Super Admin | Allows users access to unique administrator capabilities beyond the Governance Administrator role. |
View Custom Attributes | Allows users to view attributes for asset types in Data Governance and Catalog. |
View Data Classifications | Allows users to view data classifications in Data Governance and Catalog after you enable the capability and run the catalog source job in Metadata Command Center. |
View Reference Data | Allows users to view reference data in Data Governance and Catalog. |
Feature privilege | Description |
|---|---|
Job Results - view | Allows users to view job results on the All Jobs, Running Jobs, and My Jobs pages. |
Logs - View and Download | Allows users to view and download job log files. |