About the Security Guide
Informatica Resources
Informatica Network
Informatica Knowledge Base
Informatica Documentation
Informatica Product Availability Matrices
Informatica Velocity
Informatica Marketplace
Informatica Global Customer Support
Introduction to Informatica Security
Overview of Informatica Security
Infrastructure Security
Authentication
Secure Domain Communication
Secure Data Storage
Operational Security
Domain Configuration Repository
Security Domain
User Authentication
User Authentication Overview
Native User Authentication
LDAP User Authentication
Kerberos Authentication
SAML Authentication for Informatica Web Applications
LDAP Authentication
Overview
LDAP Security Domains
User Account Synchronization
LDAP Directory Services
Custom LDAP Types
Azure Active Directory for Secure LDAP Authentication
Creating an LDAP Configuration
Create the LDAP Configuration and Configure the LDAP Server Connection
Configure the Security Domain
Configure the Synchronization Schedule
Using Nested Groups in the LDAP Directory Service
Using a Self-Signed SSL Certificate
Deleting an LDAP Configuration
Kerberos Authentication
Kerberos Overview
How Kerberos Works in an Informatica Domain
Kerberos Cross Realm Authentication
Converting a Domain From Kerberos Single Realm Authentication to Kerberos Cross Realm Authentication
Preparing to Enable Kerberos Authentication
Determine the Kerberos Service Principal Level
Configure the Kerberos Configuration File
Create Kerberos Principal Accounts in Active Directory
Generate the Service Principal Name and Keytab File Name Formats
Generate the Keytab Files
Enable Delegation for the Kerberos Principal User Accounts in Active Directory
Enabling Kerberos Authentication
Enable Kerberos Authentication in the Domain
Update the Nodes in the Domain
Enabling Kerberos on Informatica Nodes
Copy the Keytab Files to the Informatica Nodes
Enable Kerberos Authentication for Informatica Clients
Enabling User Accounts to Use Kerberos Authentication
Import User Accounts from Active Directory into LDAP Security Domains
Migrate Native User Privileges and Permissions to the Kerberos Security Domain
SAML Authentication for Informatica Web Applications
SAML Authentication Overview
SAML Authentication Process
Enable SAML Authentication in a Domain
Create an LDAP Configuration for the Identity Provider or LDAP Store
Export the Assertion Signing Certificate
Import the Certificate into the Truststore Used for SAML Authentication
Configure the Identity Provider
Add Informatica Web Application URLs to the Identity Provider
Enable SAML Authentication in the Domain
Enable SAML Authentication on the Gateway Nodes
Configuring Web Applications to Use Different Identity Providers
Configure Informatica Administrator to Use an Identity Provider
Configure a Web Application to Use an Identity Provider
Domain Security
Domain Security Overview
Secure Communication Within the Domain
Secure Communication for Services and the Service Manager
Secure Domain Configuration Repository Database
Secure PowerCenter Repository Database
Secure Model Repository Database
Secure Communication for Workflows and Sessions
Secure Connections to a Web Application Service
Requirements for Secure Connections to Web Application Services
Enabling Secure Connections to the Administrator Tool
Informatica Web Application Services
Cipher Suites for the Informatica Domain
Configure the Informatica Domain to Use Advanced Ciphers
Create the Cipher Suite Lists
Configure the Informatica Domain with a New Effective List of Cipher Suites
Secure Sources and Targets
Data Integration Service Sources and Targets
PowerCenter Sources and Targets
Secure Data Storage
Secure Directory on UNIX
Changing the Encryption Key from the Command Line
Application Services and Ports
Security Management in Informatica Administrator
Using Informatica Administrator Overview
User Security
Encryption
Authentication
Authorization
Security Tab
Using the Search Section
Using the Security Navigator
Groups
Users
Roles
Operating System Profiles
LDAP Configuration
Account Management
Audit Reports
Password Management
Changing Your Password
Domain Security Management
User Security Management
Users and Groups
Users and Groups Overview
Default Groups
Administrator Group
Everyone Group
Operator Group
Understanding User Accounts
Default Administrator
Domain Administrator
Application Client Administrator
User
Managing Users
Creating Native Users
Editing General Properties of Native Users
Assigning Native Users to Native Groups
Assigning LDAP Users to Native Groups
Enabling and Disabling User Accounts
Deleting Native Users
LDAP Users
Unlocking a User Account
Increasing System Memory for Many Users
Viewing User Activity
Managing Groups
Adding a Native Group
Editing Properties of a Native Group
Moving a Native Group to Another Native Group
Deleting a Native Group
LDAP Groups
Managing Operating System Profiles
Operating System Profile Properties for the PowerCenter Integration Service
Operating System Profile Properties for the Data Integration Service
Operating System Profile Properties for the Metadata Access Service
Creating an Operating System Profile
Editing an Operating System Profile
Assigning a Default Operating System Profile to a User or Group
Deleting an Operating System Profile
Working with Operating System Profiles in a Secure Domain
Working with Operating System Profiles in a Domain with Kerberos Authentication
Account Lockout
Configuring Account Lockout
Rules and Guidelines for Account Lockout
Privileges and Roles
Privileges and Roles Overview
Privileges
Roles
Domain Privileges
Security Administration Privilege Group
Domain Administration Privilege Group
Monitoring Privilege Group
Tools Privilege Group
Cloud Administration Privilege Group
Analyst Service Privileges
Content Management Service Privileges
Data Integration Service Privileges
Metadata Manager Service Privileges
Catalog Privilege Group
Load Privilege Group
Model Privilege Group
Security Privilege Group
Model Repository Service Privileges
PowerCenter Repository Service Privileges
Tools Privilege Group
Folders Privilege Group
Design Objects Privilege Group
Sources and Targets Privilege Group
Run-time Objects Privilege Group
Global Objects Privilege Group
PowerExchange Listener Service Privileges
PowerExchange Logger Service Privileges
Scheduler Service Privileges
Test Data Manager Service Privileges
Administration Privilege Group
Connections Privilege Group
Data Domains Privilege Group
Data Masking Privilege Group
Data Subset Privilege Group
Policies Privilege Group
Projects Privilege Group
Rules Privilege Group
Data Generation Privilege Group
Managing Roles
System-Defined Roles
Custom Roles
Assigning Privileges and Roles to Users and Groups
Inherited Privileges
Assigning Privileges and Roles to a User or Group by Navigation
Viewing Users with Privileges for a Service
Troubleshooting Privileges and Roles
Permissions
Permissions Overview
Types of Permissions
Permission Search Filters
Domain Object Permissions
Permissions by Domain Object
Permissions by User or Group
Operating System Profile Permissions
Connection Permissions
Types of Connection Permissions
Default Connection Permissions
Assigning Permissions on a Connection
Viewing Permission Details on a Connection
Editing Permissions on a Connection
Cluster Configuration Permissions
Application and Application Object Permissions
Types of Application and Application Object Permissions
Assigning Permissions on an Application or Application Object
Viewing Permission Details on an Application or Application Object
Editing Permissions on an Application or Application Object
Denying Permissions on an Application or Application Object
SQL Data Service Permissions
Types of SQL Data Service Permissions
Assigning Permissions on an SQL Data Service
Viewing Permission Details on an SQL Data Service
Editing Permissions on an SQL Data Service
Denying Permissions on an SQL Data Service
Column Level Security
Web Service Permissions
Types of Web Service Permissions
Assigning Permissions on a Web Service
Viewing Permission Details on a Web Service
Editing Permissions on a Web Service
Audit Reports
Audit Reports Overview
User Personal Information
User Group Association
Privileges
Roles Association
Domain Object Permission
Selecting Users for an Audit Report
Selecting Groups for an Audit Report
Selecting Roles for an Audit Report
Command Line Privileges and Permissions
infacmd as Commands
infacmd cluster Commands
infacmd dis Commands
infacmd dp Commands
infacmd es commands
infacmd ipc Commands
infacmd isp Commands
infacmd mas Commands
infacmd mrs Commands
infacmd ms Commands
infacmd tools Commands
infacmd ps Commands
infacmd pwx Commands
infacmd rms Commands
infacmd rtm Commands
infacmd sch commands
infacmd sql Commands
infacmd wfs Commands
pmcmd Commands
pmrep Commands
Custom Roles
Analyst Service Custom Role
Metadata Manager Service Custom Roles
Operator Custom Role
PowerCenter Repository Service Custom Roles
Test Data Manager Custom Roles
Default List of Cipher Suites
About the Security Guide
Default List of Cipher Suites
overview
security_page
search_user_group_role
Password_Management
security_overview
user_navigator
new_user_dialog
user_overview
user_edit_properties_dialog
group_edit_users_dialog
user_edit_groups_dialog
ldap_user_overview
group_overview
group_navigator
new_group_dialog
group_edit_properties_dialog
select_parent_group_dialog
move_group_dialog
ldap_group_overview
os_profiles_dialog
os_profile_edit_properties_dialog
new_os_profile_dialog
userperm_default_os_profile_dialog
groupperm_default_os_profile_dialog
os_profile_delete
group_privileges
group_user_edit_privileges_dialog
user_privileges
role_privileges
role_edit_privileges_dialog
role_navigator
system_role_overview
new_role_dialog
role_overview
role_edit_properties_dialog
group_user_edit_roles_dialog
assign_roles_dialog
users_for_service_dialog
domain_permissions
viewperm_domainobjects
os_profile_permissions_dialog
connection_permissions
application_permissions
mapping_permissions
workflow_permissions
sql_services_permissions
web_services_permissions
auditrept_selectusers
auditrept_selectgroups
auditrept_selectroles