The following examples illustrate ways in which you can configure users, user groups, and roles to control access to Informatica Intelligent Cloud Services according to your business needs.
You want your development team to create tasks and taskflows in Data Integration. The development team needs to view sample data in development, but you want to restrict access to production data.
1Create a Developer role for the development team. Configure the role with all privileges for tasks and related assets, but only the Read privilege for connections.
2Create a Development Team user group and add all members of the development team to the group.
3Assign the Developer role to the Development Team group.
4If possible, create development connections to sample data. If you have both development and production connections, configure the production connections so that the Development Team group does not have read permission for these connections. This prevents users in the Development Team group from using production connections in tasks.
5After testing is complete and tasks are ready to move into production, have an administrator or other qualified user configure the tasks to use production connections.
6Edit the Developer role and remove the privilege to run tasks. If development is complete for a task type, you can also remove the privileges to read and update the tasks. By removing the read privilege, you prevent users with the Developer role from accessing information about production tasks.
You have a reporting team that needs to run tasks in Data Integration, but does not have the technical knowledge to configure tasks safely.
1Create a Reporter role for the reporting team. Configure the role with privileges to read and run tasks and taskflows, and privileges to read, create, and update schedules. Do not enable privileges to create, update, delete or set permissions on assets in the organization.
2Create a Reporting Team user group and add all members of the reporting team to the group.
3Assign the Reporter role to the Reporting Team group.
You want a security administrator who can assign roles and user groups and configure access control, but cannot create, edit, or run tasks.
1Create a custom role called Security Administrator.
2Edit the Security Administrator role and grant all privileges except the privileges to create, update, delete, and run tasks, connections, and schedules.
3Assign the Security Administrator role to the security administrator.
You want to easily keep track of your organization administrators.
Create a user group called "Organization Administrators" and assign the Admin role to the group. Add all of your organization administrators to the group.
Your organization uses an OrderProcessing API to manage orders to a large supplier. This API consists of processes in Application Integration that include CreateOrder, ApproveOrder, and GetOrder. As an Admin, you want to restrict access to the ApproveOrder process to a few people.
1Create a custom role called Approver. Configure the Run privilege for Application Integration Assets for the Approver role.
2Create a user group called Order Approvers.
3Assign the Approver role to the Order Approvers group.
4Assign the Service Consumer role to the Order Approvers group. You must do this as the Service Consumer role can access and invoke processes.
5Assign the users who need to be able to invoke the ApproveOrder process to the Order Approvers group.
6In the ApproveOrder process, you must configure one of the following fields:
▪ To assign access to a group of users, enter the Order Approvers group in the Allowed Groups field.
▪ To assign access to a specific user, enter the user in the Allowed Users field. You can enter more than one user in the field.
Only members of the Order Approvers group or the users specified in the Allowed Users field will be able to invoke the ApproveOrder process.
You want an Application Integration developer to be able to perform all functions in the Application Integration Console except for viewing detailed process logs.
1Create a role called Custom_Dev and configure the role with the following privileges:
aSelect the Application Integration service, go to the Assets tab, and enable all CRUD privileges for Application Integration Assets.
bGo to the Features tab and add the Development, Console Administration, Publish Application Integration Assets, View Application Integration Console, and View Application Integration Designer privileges to the role.
cSelect the Data Integration service, go to the Assets tab, and enable all CRUD privileges for the Project and Folder assets.