Assigning Privileges and Roles to Users and Groups
You determine the actions that users can perform by assigning the following items to users and groups:
- •Privileges. A privilege determines the actions that users can perform in application clients.
- •Roles. A role is a collection of privileges. When you assign a role to a user or group, you assign the collection of privileges belonging to the role.
Use the following rules and guidelines when you assign privileges and roles to users and groups:
- •You assign privileges and roles to users and groups for the domain and for each application service that is running in the domain.
- •You can assign different privileges and roles to a user or group for each application service of the same service type.
- •A role can include privileges for the domain and multiple application service types. When you assign the role to a user or group for one application service, privileges for that application service type are assigned to the user or group.
If you change the privileges or roles assigned to a user, the changed privileges or roles take effect the next time that the user logs in.
Note: You cannot edit the privileges or roles assigned to the default Administrator user account.
Inherited Privileges
A user or group can inherit privileges from the following objects:
- •Group. When you assign privileges to a group, all subgroups and users belonging to the group inherit the privileges.
- •Role. When you assign a role to a user, the user inherits the privileges belonging to the role. When you assign a role to a group, the group and all subgroups and users belonging to the group inherit the privileges belonging to the role. The subgroups and users do not inherit the role.
You cannot revoke privileges inherited from a group or role. You can assign additional privileges to a user or group that are not inherited from a group or role.
The Privileges tab for a user or group displays all the roles and privileges assigned to the user or group for the domain and for each application service. Expand the domain or application service to view the roles and privileges assigned for the domain or service. Click the following items to display additional information about the assigned roles and privileges:
- •Name of an assigned role. Displays the role details on the details panel.
- •Information icon for an assigned role. Highlights all privileges inherited with that role.
Privileges that are inherited from a role or group display an inheritance icon. The tooltip for an inherited privilege displays which role or group the user inherited the privilege from.
Assigning Privileges and Roles to a User or Group by Navigation
1. In the Administrator tool, click the Security tab.
2. In the Navigator, select a user or group.
3. Click the Privileges tab.
4. Click Edit.
The Edit Roles and Privileges dialog box appears.
5. To assign roles, expand the domain or an application service on the Roles tab.
6. To grant roles, select the roles to assign to the user or group for the domain or application service.
You can select any role that includes privileges for the selected domain or application service type.
7. To revoke roles, clear the roles assigned to the user or group.
8. Repeat steps 1 through 7 to assign roles for another service.
9. To assign privileges, click the Privileges tab.
10. Expand the domain or an application service.
11. To grant privileges, select the privileges to assign to the user or group for the domain or application service.
12. To revoke privileges, clear the privileges assigned to the user or group.
You cannot revoke privileges inherited from a role or group.
13. Repeat steps 9 through 12 to assign privileges for another service.
14. Click OK.
Configuring Privileges in Catalog Service for Data Asset Analytics
You can use Data Asset Analytics with Enterprise Data Catalog to view analytical insights about the catalog in the form of reports. Analytical insights include information about users configured to access the catalog, assets and resources, asset usage, and enrichment and collaboration details associated with assets.
Before accessing Data Asset Analytics using the Analytics tab in Enterprise Data Catalog, make sure that you configure the required privileges for the configured users to access the tab.
Perform the following steps to configure the required permissions for the configured users to access Data Asset Analytics:
1. Log in to Informatica Administrator.
2. Click the Security tab.
3. Click the Users tab.
The Users panel appears.
4. From the Users panel, expand the directory that includes the configured user. For example, if you have used native authentication to authenticate users, expand the Native directory to view the list of configured users.
5. Select the user for whom you want to configure access permissions for Data Asset Analytics.
The <user name> page appears.
6. Click the Privileges tab.
7. Click Edit under the user name.
The Edit Roles and Privileges dialog box appears with the Roles and the Privileges tabs.
8. Click the Privileges tab in the dialog box.
9. Expand the Catalog Service that you had configured.
10. Scroll down to the Data Asset Analytics Privileges option.
11. Select from the following privileges that you want to assign to the user, based on your requirements:
Privilege | Description |
|---|
Report Management : View and Download Raw Data | The privilege to view, configure, and create analytical details in the Data Asset Analytics tab and download the reports in CSV format. As a user with this privilege, you cannot access the Application Configuration section of Data Asset Analytics to configure the Application and Server Settings tab. The reports that you create as a user with this privilege can only be accessed by you. |
Dashboard Management : Visualize | The privilege to view the analytical details in the Data Asset Analytics tab. As a user with this privilege, you can only view the analytical charts. |
Admin Management : Configuration | The administrator privilege to perform all operations in the Data Asset Analytics tab. The reports that you create as a user with this privilege can only be accessed by you. |
12. If you have configured any custom roles and want the role to be assigned to the user, make sure that you enable the required custom role from the Custom Role drop-down list located in the Roles tab for the user. A custom role defines a set of permissions and privileges that you have configured. Instead of assigning specific permissions for each user configured, you can assign the custom role to all users who require similar permissions.
13. Click OK.