Project Permissions
Assign project permissions to users or groups. Project permissions determine whether a user or group can view objects, edit objects, or assign permissions to others.
You can assign the following permissions:
- Read
- The user or group can open, preview, export, validate, and deploy all objects in the project. The user or group can also view project details.
- Write
- The user or group has read permission on all objects in the project. Additionally, the user or group can edit all objects in the project, edit project details, delete all objects in the project, and delete the project.
- Grant
- The user or group has read permission on all objects in the project. Additionally, the user or group can assign permissions to other users or groups.
Users assigned the Administrator role for a Model Repository Service inherit all permissions on all projects in the Model Repository Service. Users assigned to a group inherit the group permissions.
Permissions for External Objects
Permissions apply to objects within a project. The Developer tool does not extend permissions to dependent objects when the dependent objects exist in other projects.
Dependent objects are objects that are used by other objects. For example, you create a mapplet that contains a non-reusable Expression transformation. The mapplet is the parent object. The Expression transformation is a dependent object of the mapplet.
The Developer tool creates instances of objects when you use reusable objects within a parent object. For example, you create a mapping with a reusable Lookup transformation. The mapping is the parent object. It contains an instance of the Lookup transformation.
An object can contain instances of dependent objects that exist in other projects. To view dependent object instances from other projects, you must have read permission on the other projects. To edit dependent object instances from other projects, you must have write permission on the parent object project and read permission on the other projects.
Permissions for Dependent Object Instances
You might need to access an object that contains dependent object instances from another project. If you do not have read permission on the other project, the Developer tool gives you different options based on how you access the parent object.
When you try to access a parent object that contains dependent object instances that you cannot view, the Developer tool displays a warning message. If you continue the operation, the Developer tool produces results that vary by operation type.
The following table lists the results of the operations that you can perform on the parent object:
Operation | Result |
|---|
Open the parent object. | The Developer tool prompts you to determine how to open the parent object: - - Open a Copy. The Developer tool creates a copy of the parent object. The copy does not contain the dependent object instances that you cannot view.
- - Open. The Developer tool opens the object, but it removes the dependent object instances that you cannot view. If you save the parent object, the Developer tool removes the dependent object instances from the parent object. The Developer tool does not remove the dependent objects from the repository.
- - Cancel. The Developer tool does not open the parent object.
|
Export the parent object to an XML file for use in the Developer tool. | The Developer tool creates the export file without the dependent object instances. |
Export the parent object to PowerCenter. | You cannot export the parent object. |
Validate the parent object. | The Developer tool validates the parent object as if the dependent objects were not part of the parent object. |
Deploy the parent object. | You cannot deploy the parent object. |
Copy and paste the parent object. | The Developer tool creates the new object without the dependent object instances. |
Security Details
When you access an object that contains dependent object instances that you cannot view, the Developer tool displays a warning message. The warning message allows you to view details about the dependent objects.
To view details about the dependent objects, click the Details button in the warning message. If you have the Show Security Details Model Repository Service privilege, the Developer tool lists the projects that contain the objects that you cannot view. If you do not have the Show Security Details privilege, the Developer tool indicates that you that you do not have sufficient privileges to view the project names.
Parent Object Access
If you create parent objects that use dependent object instances from other projects, users might not be able to edit the parent objects. If you want users to be able to edit the parent object and preserve the parent object functionality, you can create instances of the dependent objects in a mapplet.
For example, you create a mapping that contains a reusable Lookup transformation from another project. You want the users of your project to be able to edit the mapping, but not the Lookup transformation.
If you place the Lookup transformation in the mapping, users that do not have read permission on the other project get a warning message when they open the mapping. They can open a copy of the mapping or open the mapping, but the Developer tool removes the Lookup transformation instance.
To allow users to edit the mapping, perform the following tasks:
- 1. Create a mapplet in your project. Add an Input transformation, the reusable Lookup transformation, and an Output transformation to the mapplet.
- 2. Edit the mapping, and replace the Lookup transformation with the mapplet.
- 3. Save the mapping.
When users of your project open the mapping, they see the mapplet instead of the Lookup transformation. The users can edit any part of the mapping except the mapplet.
If users export the mapping, the Developer tool does not include the Lookup transformation in the export file.
Assigning Permissions
You can add users and groups to a project and assign permissions for the users and groups. Assign permissions to determine the tasks that users can complete on objects in the project.
1. Select a project in the Object Explorer view.
2. Click File > Properties.
The Properties window appears.
3. Select Permissions.
4. Click Add to add a user and assign permissions for the user.
The Domain Users and Groups dialog box appears.
5. To filter the list of users and groups, enter a name or string.
Optionally, use the wildcard characters in the filter.
6. To filter by security domain, click the Filter by Security Domains button.
7. Select Native to show users and groups in the native security domain. Or, select All to show all users and groups.
8. Select a user or group, and click OK.
The user or group appears in the Project Permissions page of the New Project dialog box.
9. Select read, write, or grant permission for the user or group.
10. Click OK.