Permissions
Permissions control the level of access that a user or group has for a cluster configuration.
You can configure permissions for a cluster configuration in the Administrator tool and using infacmd.
Any cluster configuration permission that is assigned to a user or group in one tool also applies in the other tool. For example, you grant GroupA permission on ConfigurationA using the Informatica command line interface. GroupA has permission on ConfigurationA in the Developer tool also.
The following Informatica components use the cluster configuration permissions:
- •Administrator tool. Enforces read, write, execute, and grant permissions on cluster configurations.
- •Informatica command line interface. Enforces read, write, execute, and grant permissions on cluster configurations.
- •Developer tool. Enforces read, write, and execute permissions on cluster configurations.
- •Data Integration Service. Enforces execute permissions when a user tries to preview data or run a mapping, scorecard, or profile.
Types of Cluster Configuration Permissions
You can assign different permission types to users to perform the following actions:
Permission Type | Action |
|---|
Read | View the cluster configuration. Export the cluster configuration without sensitive properties. |
Write | Edit and refresh the cluster configuration. Set and clear configuration properties. Export the cluster configuration with sensitive properties. Delete the cluster configuration. Users with write permission inherit read permission. |
Execute | Run mappings in the Hadoop environment. |
Grant | Grant permission on the cluster configuration to other users and groups. Users with grant permission inherit read permission. |
All | Inherit read, write, execute, and grant permissions. |
None | Remove permissions for the user. |
Default Cluster Configuration Permissions
The domain administrator has all permissions on all cluster configurations. The user that creates a cluster configuration has read, write, execute, and grant permission for the cluster configuration. By default, all users have permission to view the cluster configuration name.
Assigning Permissions on a Cluster Configuration
When you assign permissions on a cluster configuration, you define the level of access a user or group has to the cluster configuration.
1. On the Manage tab, select the Connections view.
2. In the Navigator, select the cluster configuration.
3. In the contents panel, select the Permissions view.
4. Click the or Users tab.
5. Click Actions > > Assign Permission.
The Assign Permissions dialog box displays all users or groups that do not have permission on the cluster configuration.
6. Enter the filter conditions to search for users and groups, and click the Filter button.
7. Select a user or group, and click Next.
8. Select Allow for each permission type that you want to assign.
9. Click Finish.
Viewing Permission Details on a Cluster Configuration
When you view permission details, you can view the origin of effective permissions.
1. On the Manage tab, select the Connections view.
2. In the Navigator, select the cluster configuration.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > View Permission Details.
The View Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group and direct permissions assigned to parent groups. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses the permission check.
7. Click Close.
8. Or, click Edit Permissions to edit direct permissions.
Editing Permissions on a Cluster Configuration
You can edit direct permissions on a cluster configuration for a user or group. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
On the Manage tab, select the Connections view.
2. In the Navigator, select the cluster configuration.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > Edit Direct Permissions.
The Edit Direct Permissions dialog box appears.
7. Choose to allow or revoke permissions.
- - Select Allow to assign a permission.
- - Clear Allow to revoke a single permission.
- - Select Revoke to revoke all permissions.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
8. Click OK.