Cluster Configuration Privileges and Permissions
You manage user security with privileges, roles, and permissions. Privileges determine the actions that users can perform on a cluster configuration. Permissions define the level of access that users and groups have to a cluster configuration.
Privileges and Roles
Cluster configuration privileges and roles determine the actions that users can perform using the Administrator tool and the infacmd command line program.
The following privileges and roles are required to perform certain actions on the cluster configuration:
- Domain Administration privilege group
- A user assigned the Administrator role for the domain can configure cluster configurations.
- Manage Connections privilege
- Users or groups assigned the Manage Connections privilege can create, refresh, and delete cluster configurations. Users can also set and clear configuration properties.
Permissions
Permissions control the level of access that a user or group has for a cluster configuration.
You can configure permissions for a cluster configuration in the Administrator tool and using infacmd.
Any cluster configuration permission that is assigned to a user or group in one tool also applies in the other tool. For example, you grant GroupA permission on ConfigurationA using the Informatica command line interface. GroupA has permission on ConfigurationA in the Developer tool also.
The following Informatica components use the cluster configuration permissions:
- •Administrator tool. Enforces read, write, execute, and grant permissions on cluster configurations.
- •Informatica command line interface. Enforces read, write, execute, and grant permissions on cluster configurations.
- •Developer tool. Enforces read, write, and execute permissions on cluster configurations.
- •Data Integration Service. Enforces execute permissions when a user tries to preview data or run a mapping, scorecard, or profile.
Types of Cluster Configuration Permissions
You can assign different permission types to users to perform the following actions:
Permission Type | Action |
|---|
Read | View the cluster configuration. |
Write | Edit and refresh the cluster configuration. Set and clear configuration properties. Export the cluster configuration with sensitive properties. Delete the cluster configuration. Users with write permission inherit read permission. |
Execute | Run mappings in the Hadoop environment. |
Grant | Grant permission on the cluster configuration to other users and groups. Users with grant permission inherit read permission. |
All | Inherit read, write, execute, and grant permissions. |
None | Remove permissions for the user. |
Note the following default permissions for cluster configurations:
- •The domain administrator has all permissions on all cluster configurations.
- •The user that creates a cluster configuration has read, write, execute, and grant permission for the cluster configuration.
- •All users have permission to view the cluster configuration name.