Rules and Guidelines for Roles, User Groups, and Permissions
Use the following rules and guidelines for roles, user groups, and object-level permissions:
- Assign each user a single role.
- When implementing user groups, create an administrative user group with access to all objects. Assign the organization administrator and backup administrators to the user group.
- When implementing user groups, create a set of user groups to provide access to all necessary objects and assign users to the user groups appropriately.
- You can assign a user to more than one user group, but the best practice is to assign each user to a single user group.
- To edit an object, the user also needs read permission for all objects used within the object. For example, when you assign a user the read and update permission for data synchronization tasks, verify that the user also has read permission for the connections, saved queries, mapplets, and schedules to be used in those tasks.
- When a user edits a task, objects for which the user lacks read permission are not displayed. To avoid unexpected results, the user should cancel all changes and avoid editing the task until you grant the appropriate read permissions.
- When configuring a task flow, a user needs run permission on tasks to be added to the task flow.
- To edit a task flow, a user needs run permission for all tasks in the task flow. Without run permission on all tasks, the user cannot save changes to the task flow.
- To monitor jobs or to stop a running job, a user needs run permission for the task or task flow.
- To migrate objects, the user account in both the source and target organizations should have the Admin role with full access to the repository.
- When adding a new license to an organization, Informatica Cloud does not grant permissions to user groups. After receiving a new license, update user groups as necessary to allow access to new objects.
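
The edit/read and task-flow/run rules above can be checked mechanically before users run into missing objects or unsaveable task flows. The following is an added example, not Informatica Cloud code: the group names, users, dictionary layout, and the assumption that a user's permissions are the union of their groups' permissions are all constructed for illustration.

```python
# Added example: constructed permission model; the names and layout are
# assumptions, not an Informatica Cloud export format or API.
GROUP_PERMS = {  # user group -> object type -> granted permissions
    "dss_editors": {
        "data_synchronization_task": {"read", "update"},
        "connection": {"read"},
        "schedule": {"read"},
    },
    "flow_builders": {
        "task_flow": {"read", "update"},
        "data_synchronization_task": {"read"},
    },
}
USER_GROUPS = {
    "alice": ["dss_editors"],
    "bob": ["flow_builders"],
    "carol": ["dss_editors", "flow_builders"],
}
# Object types a task can use (taken from the rule's own example).
USES = {"data_synchronization_task":
        ["connection", "saved_query", "mapplet", "schedule"]}
# Object types a task flow contains; editing the flow needs run on these.
FLOW_MEMBERS = {"task_flow": ["data_synchronization_task"]}

def effective(user):
    """Union of the user's group permissions (assumed combination rule)."""
    perms = {}
    for group in USER_GROUPS[user]:
        for obj, granted in GROUP_PERMS[group].items():
            perms.setdefault(obj, set()).update(granted)
    return perms

def audit(user):
    """Return (rule, object_type, missing_on) tuples for one user."""
    findings = []
    if len(USER_GROUPS[user]) > 1:
        findings.append(("multiple-groups", None, None))
    perms = effective(user)
    for obj, granted in perms.items():
        if "update" not in granted:
            continue
        for dep in USES.get(obj, []):
            if "read" not in perms.get(dep, set()):
                findings.append(("edit-needs-read", obj, dep))
        for task in FLOW_MEMBERS.get(obj, []):
            if "run" not in perms.get(task, set()):
                findings.append(("flow-edit-needs-run", obj, task))
    return findings
```

Calling `audit("alice")` reports the two object types she cannot read while editing data synchronization tasks, and `audit("bob")` reports the missing run permission that would stop him from saving a task flow.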