Security Tab
You administer Informatica security on the Security tab of the Administrator tool.
The Security tab has the following components:
- Search section. Search for users, groups, or roles by name.
- Navigator. The Navigator appears in the left pane and displays groups, users, and roles.
- Contents panel. The contents panel displays properties and options based on the object selected in the Navigator and the tab selected in the contents panel.
- Security Actions menu. Contains options to create or delete a group, user, or role. You can manage LDAP configurations and operating system profiles. You can also view users that have privileges for a service.
Using the Search Section
Use the Search section to search for users, groups, and roles by name. Search is not case sensitive.
1. In the Search section, select whether you want to search for users, groups, or roles.
2. Enter the name or partial name to search for.
You can include an asterisk (*) in a name to use a wildcard character in the search. For example, enter “ad*” to search for all objects starting with “ad”. Enter “*ad” to search for all objects ending with “ad”.
3. Click Go.
The Search Results section appears and displays a maximum of 100 objects. If your search returns more than 100 objects, narrow your search criteria to refine the search results.
4. Select an object in the Search Results section to display information about the object in the contents panel.
Using the Security Navigator
The Navigator appears in the contents panel of the Security tab. When you select an object in the Navigator, the contents panel displays information about the object.
The Navigator on the Security tab displays one of the following sections based on what you are viewing:
- Groups section. Select a group to view the properties of the group, the users assigned to the group, and the roles and privileges assigned to the group.
- Users section. Select a user to view the properties of the user, the groups the user belongs to, and the roles and privileges assigned to the user.
- Roles section. Select a role to view the properties of the role, the users and groups that have the role assigned to them, and the privileges assigned to the role.
- Operating Profiles section. Select an operating profile to view the properties of the operating system profile, and the permissions assigned to users and groups that use the operating system profile.
- LDAP Configuration section. Select a configuration to view the LDAP server connection details, the LDAP security domain that contains users and groups imported from the LDAP directory service, and the LDAP synchronization schedule.
The Navigator provides different ways to complete a task. You can use any of the following methods to manage groups, users, and roles:
- Click the Actions menu. Each section of the Navigator includes an Actions menu to manage groups, users, roles, operating system profiles, or LDAP configurations.
- Right-click an object. Right-click an object in the Navigator to display the options available in the Actions menu.
- Use keyboard shortcuts. Use keyboard shortcuts to move to different sections of the Navigator.
Groups
A group is a collection of users and groups that can have the same privileges, roles, and permissions.
The Groups section of the Navigator organizes groups into security domain folders. A security domain is a collection of user accounts and groups in an Informatica domain. Native authentication uses the Native security domain which contains the users and groups created and managed in the Administrator tool. LDAP authentication uses LDAP security domains which contain users and groups imported from the LDAP directory service.
When you select a security domain folder in the Groups section of the Navigator, the contents panel displays all groups belonging to the security domain.
When you select a group in the Navigator, the contents panel displays the following tabs:
- Overview. Displays general properties of the group and users assigned to the group.
- Privileges. Displays the privileges and roles assigned to the group for the domain and for application services in the domain.
- Permissions. Displays the level of access that users within the group have to perform tasks on domain objects, including nodes, grids, and application services. Also displays the level of access that users within the group have to perform tasks on connection objects and operating system profiles.
Users
A user with an account in the Informatica domain can log in to the following application clients:
- Informatica Administrator
- PowerCenter Client
- Informatica Developer
- Informatica Analyst
- Metadata Manager
The Users section of the Navigator organizes users into security domain folders. A security domain is a collection of user accounts and groups in an Informatica domain. Native authentication uses the Native security domain which contains the users and groups created and managed in the Administrator tool. LDAP authentication uses LDAP security domains which contain users and groups imported from the LDAP directory service.
When you select a security domain folder in the Users section of the Navigator, the contents panel displays all users belonging to the security domain.
When you select a user in the Navigator, the contents panel displays the following tabs:
- Overview. Displays general properties of the user and all groups to which the user belongs.
- Privileges. Displays the privileges and roles assigned to the user for the domain and for application services in the domain.
- Permissions. Displays the level of access that the user has to perform tasks on domain objects, including nodes, grids, and application services. Also displays the level of access that the user has to perform tasks on connection objects and operating system profiles.
Roles
A role is a collection of privileges that you assign to a user or group. Privileges determine the actions that users can perform. You assign a role to users and groups for the domain and for application services in the domain.
The Roles section of the Navigator organizes roles into the following folders:
- System-defined Roles. Contains roles that you cannot edit or delete. The Administrator role is a system-defined role.
- Custom Roles. Contains roles that you can create, edit, and delete. The Administrator tool includes some custom roles that you can edit and assign to users and groups.
When you select a folder in the Roles section of the Navigator, the contents panel displays all roles belonging to the folder.
When you select a role in the Navigator, the contents panel displays the following tabs:
- Overview. Displays general properties of the role and the users and groups that have the role assigned for the domain and application services.
- Privileges. Displays the privileges assigned to the role for the domain and application services.
Operating System Profiles
An operating system profile is a security mechanism that the Data Integration Service and the PowerCenter Integration Service use to run mappings, workflows, and profiling jobs.
The Operating System Profiles section of the Navigator lists the operating system profiles configured in the domain.
When you select an operating system profile in the Navigator, the contents panel displays the following tabs:
- Properties. Displays general properties of the operating system profile configured for the Data Integration Service, for the PowerCenter Integration Service, or for both application services.
- Permissions. Displays the permissions assigned to users and groups that use the operating system profile. Also indicates whether the operating system profile is the default profile assigned to a user or group.
LDAP Configuration
You can configure an Informatica domain to enable users and groups imported from one or more LDAP directory services to log in to Informatica nodes, services, and application clients.
The LDAP Configuration section of the Navigator lists the LDAP configurations the domain uses.
When you select an LDAP configuration, the following tabs appear under the LDAP Configuration tab:
- Overview. Lists the connection details for the LDAP server that contains the directory service from which you want to import users and groups.
- Security Domains. Lists the details for the LDAP security domain that contains users and groups imported from the LDAP directory service.
- Schedule. Lists the details for the synchronization schedule specifying when the Service Manager updates the security domain with the users and groups in the LDAP directory service.
Account Management
To improve security in the Informatica domain, you can enforce lockout of user and administrator accounts after a specified number of failed login attempts.
The Account Lockout Configuration section of the Account Management page displays whether account lockout is enabled for user accounts and administrator accounts. The section also indicates the maximum number of failed login attempts allowed.
The Locked Out Native Users section of the page lists locked out user accounts in the native security domain. You can unlock a user account in the native security domain.
The Locked Out LDAP Users section of the page lists locked out user accounts in an LDAP security domain. You can unlock a user account in the Informatica domain. However, the LDAP administrator must unlock the user account in the LDAP server. The user cannot log in to the Informatica domain until the LDAP administrator unlocks the user account.
Audit Reports
Audit reports provide information about users and groups in the Informatica domain, and about the privileges, roles, and permissions assigned to each user or group.
You select the audit report to generate from the Select Report Type menu. You can generate the following audit reports:
- User Personal Information. Displays contact information and status details of user accounts in the domain. You can select the users or groups for which you want to generate the report.
- User Group Association. Displays information about users and the groups to which they belong. You can select the users or groups for which you want to generate the report.
- Privileges. Displays information about privileges assigned to the users and groups in the domain. You can select the users or groups for which you want to generate the report.
- Roles. Displays information about the roles assigned to the users and groups in the domain. You can select the roles for which you want to generate the report.
- Domain Object Permissions. Displays information about the domain objects for which users and groups have permission. You can select the users or groups for which you want to generate the report.
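When reviewing the User Group Association, Roles, and Privileges reports together, the question is usually what a user can effectively do once group nesting and role assignments are combined. The following is an added example, not Informatica code or an Informatica export format: it resolves effective privileges per user and records how each one was obtained. The data layout, the `user:`/`group:`/`svc:` prefixes, the privilege labels, and inheritance through nested groups are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: names, prefixes and privilege labels are illustrative.
USERS = ["alice", "bob", "carol", "dave"]
GROUP_MEMBERS = {  # group -> direct members (users or nested groups)
    "Platform": ["user:alice", "group:ETL"],
    "ETL": ["user:bob", "group:Contractors"],
    "Contractors": ["user:carol", "group:ETL"],  # cyclic nesting on purpose
}
ROLE_PRIVILEGES = {"Administrator": {"manage-security", "manage-services"},
                   "Operator": {"run-job"}}
ROLE_GRANTS = {  # principal -> [(scope, role)]; scope is the domain or a service
    "group:Platform": [("domain", "Administrator")],
    "group:ETL": [("svc:DIS_prod", "Operator")],
    "user:carol": [("svc:DIS_prod", "Operator")],
}
DIRECT_PRIVS = {"user:dave": [("domain", "view-reports")]}

def groups_of(user):
    """All groups the user belongs to, directly or through nesting."""
    parents = defaultdict(set)
    for group, members in GROUP_MEMBERS.items():
        for member in members:
            parents[member].add("group:" + group)
    seen, stack = set(), ["user:" + user]
    while stack:
        for group in parents[stack.pop()]:
            if group not in seen:  # seen-set keeps cyclic nesting from looping
                seen.add(group)
                stack.append(group)
    return seen

def effective_privileges(user):
    """Return {scope: {privilege: [how it was obtained, ...]}}."""
    found = defaultdict(lambda: defaultdict(set))
    for principal in {"user:" + user} | groups_of(user):
        for scope, role in ROLE_GRANTS.get(principal, []):
            for priv in ROLE_PRIVILEGES[role]:
                found[scope][priv].add(f"{role} via {principal}")
        for scope, priv in DIRECT_PRIVS.get(principal, []):
            found[scope][priv].add(f"direct on {principal}")
    return {s: {p: sorted(v) for p, v in ps.items()} for s, ps in found.items()}

def users_with_role(role):
    """Users holding the role directly or through any (nested) group."""
    return sorted(
        u for u in USERS
        if any(r == role for p in {"user:" + u} | groups_of(u)
               for _, r in ROLE_GRANTS.get(p, [])))
```

In the sample data, `carol` holds the Administrator role only through the chain Contractors, ETL, Platform, which is the kind of indirect grant a per-user view of direct assignments does not make obvious.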