Intelligent Data Lake Administrator Guide > Roles, Privileges, and Profiles > Operating System Profiles
  

Operating System Profiles

An operating system profile is a type of security that the Data Integration Service uses to run mappings, workflows, and profiling jobs. Use operating system profiles to increase security and to isolate the run-time environment for users.
If the Data Integration Service runs on UNIX or Linux, create operating system profiles and configure the Data Integration Service to use operating system profiles. By default, the Data Integration Service process runs all jobs, mappings, and workflows using the permissions of the operating system user that starts Informatica Services. For more information about Data Integration Service operating system profiles, see the Informatica Application Service Guide.
When you create the Intelligent Data Lake Service, you must associate it with a Data Integration Service. The operating system profile configuration for the associated Data Integration Service will be applicable to the Intelligent Data Lake Service.

Creating an Operating System Profile for Intelligent Data Lake

Create an operating system profile to provide a level of security to users and groups in the run-time environment. The Data Integration Service you have associated with the Intelligent Data Lake Service uses the operating system profile of the user to run workflows or jobs. Ensure that the assigned license allows you to use the operating system profiles feature.
    1. In the Administrator tool, click the Security tab.
    2. On the Security Actions menu, click Create Operating System Profile.
    The Create Operating System Profile dialog box appears.
    3. Enter the following general properties for the operating system profile:
    Property
    Description
    Name
    Name of the operating system profile. The name is not case sensitive and must be unique within the domain. It cannot exceed 128 characters or begin with @. It also cannot contain the following special characters:
    % * + \ / . ? < >
    The name can contain an ASCII space character except for the first and last character. All other space characters are not allowed.
    System User Name
    Name of an operating system user that exists on the machines where the Data Integration Service runs. The Data Integration Service runs workflows or jobs using the system access of the system user defined for the operating system profile.
    Note: When you create operating system profiles, you cannot specify the system user name as root or use a non-root user with uid==0.
    4. Click Next.
    The Configure Operating System Profile dialog box appears.
    5. Select the Data Integration Service checkbox and configure the operating system profile properties.
    6. Configure service process variables in the operating system profile to specify different output file locations based on the operating system profile that is assigned to the user or group. The Data Integration Service writes output files to a single shared location specified in the $DISRootDir service process variable.
    7. Select Enable Hadoop Impersonation Properties.
    8. Choose to use the logged in user or specify a Hadoop impersonation user to run Hadoop jobs. For a secure Hadoop cluster, the logged in user or the user specified as the Hadoop impersonation user should be valid and have the required permissions in the cluster nodes.
    9. Optionally, configure the environment variables.
    10. Click Next.
    The Assign Groups and Users to Operating System Profile dialog box appears.
    11. In the Groups tab, select the groups that you want to assign the operating system profile.
    A list of all the groups with permission on the operating system profile appears.
    12. In the Users tab, select the users that you want to assign the operating system profile.
    A list of all the users with permission on the operating system profile appears.
    13. Click Finish.
    After you create the operating system profile, the details panel displays the properties of the operating system profile and the groups and users that the profile is assigned to.

Assigning a Default Operating System Profile to an Intelligent Data Lake User or Group

For Intelligent Data Lake, each user must have only one default operating system profile. If a user inherits multiple operating system profiles based on permissions assigned to groups or direct assignment, ensure that the user is assigned only one default operating system profile.
When you assign an operating system profile as the default profile to a user or group, the Data Integration Service uses the default operating system profile to run jobs and workflows. You can assign only an operating system profile with direct permission as the default profile to a user or group.
    1. On the Security tab, select the Users or Groups view.
    2. In the Navigator, select the user or group.
    3. In the content panel, select the Permissions view.
    4. Click the Operating System Profiles tab.
    5. Click the Assign or Change the Default Operating System Profile button.
    The Assign or Change the Default Operating System Profile dialog box appears.
    6. Select a profile from the Default Operating System Profile list.
    7. Click OK.
    In the details panel, the Default Profile column displays Yes (Direct) for the operating system profile.