Privileges and Roles Overview
You manage user security with privileges and roles.
You can modify privileges and roles depending on the type of PowerCenter Express license.
Privileges
Privileges determine the actions that users can perform in application clients. Informatica includes the following privileges:
- •Domain privileges. Determine actions that users can perform on the Informatica domain using the Administrator tool and the infacmd and pmrep command line programs.
- •Domain privileges. Determine actions on the Informatica domain that users can perform using the Administrator tool.
- •Analyst Service privilege. Determines actions that users can perform using Informatica Analyst.
- •Content Management Service privilege. Determines actions that users can perform using reference tables in the Informatica Developer tool and the Informatica Analyst tool.
- •Data Integration Service privilege. Determines actions on applications that users can perform using the Administrator tool and the infacmd command line program. This privilege also determines whether users can drill down and export profile results.
- •Data Integration Service privilege. Determines actions on applications that users can perform using the Administrator tool. This privilege also determines whether users can drill down and export profile results.
- •Metadata Manager Service privileges. Determine actions that users can perform using Metadata Manager.
- •Model Repository Service privilege. Determines actions on projects that users can perform using Informatica Analyst and Informatica Developer.
- •Model Repository Service privilege. Determines actions on projects that users can perform using Informatica Developer.
- •PowerCenter Repository Service privileges. Determine PowerCenter repository actions that users can perform using the Repository Manager, Designer, Workflow Manager, Workflow Monitor, and the pmrep and pmcmd command line programs.
- •PowerExchange application service privileges. Determine actions that users can perform on the PowerExchange Listener Service and PowerExchange Logger Service using the infacmd pwx commands.
- •Reporting Service privileges. Determine reporting actions that users can perform using Data Analyzer.
- •Reporting and Dashboards Service privileges. Determine actions that users can perform using Jaspersoft.
- •Scheduler Service privileges. Determine actions that users can perform using the Scheduler Service.
- •Test Data Manager Service privileges. Determine data discovery, data masking, data subset, and test data generation tasks that users can perform using the Test Data Manager.
Privileges determine the actions that users can perform in application clients. Informatica includes domain privileges that determine actions that users can perform using the Administrator tool.
You assign privileges to users and groups for application services. You can assign different privileges to a user for each application service of the same service type.
You assign privileges to users and groups on the Security tab of the Administrator tool.
The Administrator tool organizes privileges into levels. A privilege is listed below the privilege that it includes. Some privileges include other privileges. When you assign a privilege to users and groups, the Administrator tool also assigns any included privileges.
Privilege Groups
The domain and application service privileges are organized into privilege groups. A privilege group is an organization of privileges that define common user actions. For example, the domain privileges include the following privilege groups:
- •Tools. Includes privileges to log in to the Administrator tool.
- •Security Administration. Includes privileges to manage users, groups, roles, and privileges.
- •Domain Administration. Includes privileges to manage the domain, folders, nodes, grids, licenses, and application services.
- •Domain Administration. Includes privileges to manage the domain, folders, and application services.
- •Security Administration. Includes privileges to manage users, groups, roles, and privileges.
- •Domain Administration. Includes privileges to manage the domain, folders, nodes, grids, licenses, and application services.
- •Tools. Includes privileges to log in to the Administrator tool.
- •Monitoring. Includes privileges to monitor Ultra Messaging deployments and view statistics.
Tip: When you assign privileges to users and user groups, you can select a privilege group to assign all privileges in the group.
Roles
A role is a collection of privileges that you assign to a user or group. Each user within an organization has a specific role, whether the user is a developer, administrator, basic user, or advanced user.
For example, the PowerCenter Developer role includes all the PowerCenter Repository Service privileges or actions that a developer performs.
You assign a role to users and groups for the domain and for application services in the domain.
Tip: If you organize users into groups and then assign roles and permissions to the groups, you can simplify user administration tasks. For example, if a user changes positions within the organization, move the user to another group. If a new user joins the organization, add the user to a group. The users inherit the roles and permissions assigned to the group. You do not need to reassign privileges, roles, and permissions. For more information, see the Informatica How-To Library article
Using Groups and Roles to Manage Informatica Access Control.
Tip: If you organize users into groups and then assign roles and permissions to the groups, you can simplify user administration tasks. For example, if a user changes positions within the organization, move the user to another group. If a new user joins the organization, add the user to a group. The users inherit the roles and permissions assigned to the group. You do not need to reassign privileges, roles, and permissions.