Security Guide > Permissions > Application and Application Object Permissions
  

Application and Application Object Permissions

Permissions control the level of access that a user or group has on applications and application objects such as mappings and workflows.
You can configure application and application object permissions in the Administrator tool or from the command line.

Types of Application and Application Object Permissions

You can assign view, grant, and execute permissions to users and groups.
You can assign the following permissions to users and groups:
View permission
View applications and application objects.
Grant permission
Grant and revoke permissions on the applications and application objects.
Execute permission
Run applications and application objects.
Note: To perform application operations such as start, stop, or back up in the Administrator tool or from the command line, the user must have execute permission and the Manage Applications privilege on the application.

Assigning Permissions on an Application or Application Object

When you assign permissions on an application or application object, you define the level of access a user or group has to the application or the application object.
    1. On the Manage tab, select the Services and Nodes view.
    2. In the Navigator, select a Data Integration Service.
    3. In the contents panel, select the Applications view.
    4. Select an application, a mapping, or a workflow.
    5. In the details panel, select the Group Permissions or User Permissions view.
    6. Click the Assign Permission button.
    The Assign Permissions dialog box displays all users or groups that do not have permission on the application or application object.
    7. Enter the filter conditions to search for users and groups, and click the Filter button.
    8. Select a user or group, and click Next.
    9. Select Allow for each permission type that you want to assign.
    10. Click Finish.

Viewing Permission Details on an Application or Application Object

When you view permission details, you can view the origin of effective permissions.
    1. On the Manage tab, select the Services and Nodes view.
    2. In the Navigator, select a Data Integration Service.
    3. In the contents panel, select the Applications view.
    4. Select the application, mapping, or workflow.
    5. In the details panel, select the Group Permissions or User Permissions view.
    6. Enter the filter conditions to search for users and groups, and click the Filter button.
    7. Select a user or group and click the View Permission Details button.
    The Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses permission checking.
    8. Click Close.
    9. Or, click Edit Permissions to edit direct permissions.

Editing Permissions on an Application or Application Object

You can edit direct permissions on an application or application object for a user or group. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
    1. On the Manage tab, select the Services and Nodes view.
    2. In the Navigator, select a Data Integration Service.
    3. In the contents panel, select the Applications view.
    4. Select the application or application object.
    5. In the details panel, select the Group Permissions or User Permissions view.
    6. Enter the filter conditions to search for users and groups, and click the Filter button.
    7. Select a user or group and click the Edit Direct Permissions button.
    The Edit Direct Permissions dialog box appears.
    8. Choose to allow or revoke permissions.
    You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
    9. Click OK.

Denying Permissions on an Application or Application Object

You can explicitly deny permissions on application and application objects. When you deny a permission, you are applying an exception to the effective permission.