Permissions determine the access rights that a user has for a Secure Agent, Secure Agent group, connection, schedule, or asset. Permissions add additional or custom security for an object. Permissions define which users and groups can read, update, delete, execute, and change permissions on the object.
To configure permissions on an object, you need the following licenses and privileges:
•To configure permissions at the project level for all assets in a project, your organization must have the Set/Unset Security Permissions at Project Level license.
•To configure permissions at the folder level for all assets in a folder, your organization must have the Set/Unset Security Permissions at Folder Level license.
•To configure permissions on individual assets, your organization must have the Fine Grained Security license.
•The role assigned to your user account or to a group in which you are a member must have the Set Permission privilege for the object type. For example, to configure permissions on a Secure Agent, you must be assigned a role that has the Set Permission privilege for Secure Agents.
To configure permissions on an object, navigate to the object and set the appropriate permissions. For example, you want only users in the Development Team user group to have access to assets in the Development Data folder. Navigate to the folder, edit the permissions, and grant the Development Team user group permissions on the folder.
Permissions apply to the objects that you configure but not to copies of the object. Therefore, when you copy or export an asset, the permissions are not copied or exported with the asset. For example, you copy a model deployment in which only user rjones has execute permission. The copy of the deployment has no permissions assigned to it, therefore any user with privileges to execute model deployments can start the copy of the deployment.
You can configure the following permissions on an object:
Permission
Description
Read
Open and view the object.
Update
Edit the object.
Requires read permission, which is automatically granted.
Delete
Delete the object.
Execute
Run the object.
Applies to model deployments.
Change permissions
Change the permissions that are assigned to the object.
Note: These permissions control permissions within Informatica Intelligent Cloud Services. They do not control operating system permissions, such as the ability to start, stop, or configure the Secure Agent on Windows or Linux.
Rules and guidelines for permissions
Use the following rules and guidelines for permissions:
•When you configure permissions on an object, verify that the user or group to which you grant permissions is assigned a role with the appropriate privileges for the object type.
•For example, if you grant a user with the Monitor role Update privilege on a particular folder, the user cannot update the folder because the Monitor role does not have update privileges for folders.
•To edit an asset, the user must have read permission on all assets used within the asset. For example, when you assign a user Read and Update permissions on a model deployment, verify that the user also has Read permission on the machine learning model used in the deployment.
•To run a subscription or a publication that executes a mapping task, the user must have the Update privilege for the project and folder that contains the mapping task.
Configuring permissions
You can configure permissions on an object if you are assigned a role with the Set Permission privilege for the object type. For example, to configure permissions on a folder, you must be assigned a role that has the Set Permission privilege for folders.
1Navigate to the object for which you want to configure permissions.
For example:
- To configure permissions on a machine learning model or model deployment, in Model Serve, open the project and folder that contain the asset.
2In the row that contains the object, either click Actions and select Permissions, or click the Change Permission icon.
The Permissions dialog box lists the users and groups that have permissions on the object.
If the Permissions dialog box lists no users or groups, then no permissions are configured for the object. Any user with appropriate privileges for the object type can access the object.
3To configure user permissions on the object:
aSelect Users.
bIf the user does not appear in the Users list, click Add, and select a user.
cEnable or disable the appropriate permissions on the user.
Note: When you grant any user permissions on the object, Informatica Intelligent Cloud Services also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
4To configure user group permissions on the object:
aSelect Groups.
bIf the group does not appear in the Groups list, click Add, and select a group.
cEnable or disable the appropriate permissions on the group.
Note: When you grant any group permissions on the object, Informatica Intelligent Cloud Services also adds you as a user with permissions on the object. This prevents you from losing access to the object when you configure permissions.
5To remove all permissions restrictions for the object, remove all users and groups from the Permissions dialog box.
When you remove all users and groups, any user with appropriate privileges for the object type can access the object.