Connection Permissions
Permissions control the level of access that a user or group has on the connection.
You can configure permissions on a connection in the Analyst tool, Developer tool, or Administrator tool.
Any connection permission that is assigned to a user or group in one tool also applies in other tools. For example, you grant GroupA permission on ConnectionA in the Developer tool. GroupA has permission on ConnectionA in the Analyst tool and Administrator tool also.
Any connection permission that is assigned to a user or group in one tool also applies in other tools. For example, you grant GroupA permission on ConnectionA in the Developer tool. GroupA has permission on ConnectionA in the Administrator tool also.
The following Informatica components use the connection permissions:
- •Administrator tool. Enforces read, write, and execute permissions on connections.
- •Analyst tool. Enforces read, write, and execute permissions on connections.
- •Informatica command line interface. Enforces read, write, and grant permissions on connections.
- •Developer tool. Enforces read, write, and execute permissions on connections.
For SQL data services, the Developer tool does not enforce connection permissions. Instead, it enforces column-level and pass-through security to restrict access to data.
- •Data Integration Service. Enforces execute permissions when a user tries to preview data or run a mapping, scorecard, or profile.
Note: You cannot assign permissions on the following connections: profiling warehouse, data object cache database, or Model repository.
Types of Connection Permissions
You can assign different permission types to users to perform the following actions:
Action | Permission Types |
|---|
View all connection metadata, except passwords, such as connection name, type, description, connection strings, and user names. | Read |
Edit all connection metadata, including passwords. Delete the connection. Users with Write permission inherit Read permission. | Write |
Access the physical data in the underlying data source defined by the connection. Users can preview data, run a mapping, run a mapping in a workflow Mapping task, run a scorecard, or run a profile that uses the connection. | Execute |
Grant and revoke permissions on connections. | Grant |
Default Connection Permissions
The domain administrator has all permissions on all connections. The user that creates a connection has read, write, execute, and grant permission on the connection. By default, all users have permission to perform the following actions on connections:
- •View basic connection metadata, such as connection name, type, and description.
- •Use the connection in mappings in the Developer tool.
- •Create profiles in the Analyst tool on objects in the connection.
Assigning Permissions on a Connection
When you assign permissions on a connection, you define the level of access a user or group has to the connection.
1. On the Manage tab, select the Connections view.
2. In the Navigator, select the connection.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Click Actions > Assign Permission.
The Assign Permissions dialog box displays all users or groups that do not have permission on the connection.
6. Enter the filter conditions to search for users and groups, and click the Filter button.
7. Select a user or group, and click Next.
8. Select Allow for each permission type that you want to assign.
9. Click Finish.
Viewing Permission Details on a Connection
When you view permission details, you can view the origin of effective permissions.
1. On the Manage tab, select the Connections view.
2. In the Navigator, select the connection.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > View Permission Details.
The View Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group and direct permissions assigned to parent groups. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses the permission check.
7. Click Close.
8. Or, click Edit Permissions to edit direct permissions.
Editing Permissions on a Connection
You can edit direct permissions on a connection for a user or group. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
1. On the Manage tab, select the Connections view.
2. In the Navigator, select the connection.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > Edit Direct Permissions.
The Edit Direct Permissions dialog box appears.
7. Choose to allow or revoke permissions.
- - Select Allow to assign a permission.
- - Clear Allow to revoke a single permission.
- - Select Revoke to revoke all permissions.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
8. Click OK.