Domain Object Permissions
You configure privileges and permissions to manage user security within the domain. Permissions define the level of access a user has to a domain object. To log in to the Administrator tool, a user must have permission on at least one domain object. If a user has permission on an object, but does not have the domain privilege that grants the ability to modify the object type, then the user can only view the object.
For example, if a user has permission on a node, but does not have the Manage Nodes and Grids privilege, the user can view the node properties, but cannot configure, shut down, or remove the node.
You can configure permissions on the following types of domain objects:
Domain Object Type | Description of Permission |
|---|
Domain | Enables Administrator tool users to access all objects in the domain. When users have permission on a domain, they inherit permission on all objects in the domain. |
Folder | Enables Administrator tool users to access all objects in the folder in the Administrator tool. When users have permission on a folder, they inherit permission on all objects in the folder. |
Node | Enables Administrator tool users to view and edit the node properties. Without permission, a user cannot use the node when defining an application service or creating a grid. |
Grid | Enables Administrator tool users to view and edit the grid properties. Without permission, a user cannot assign the grid to a Data Integration Service or PowerCenter Integration Service. |
License | Enables Administrator tool users to view and edit the license properties. Without permission, a user cannot use the license when creating an application service. |
Application Service | Enables Administrator tool users to view and edit the application service properties. |
Operating System Profile | Enables PowerCenter users to run workflows associated with the operating system profile. If the user that runs a workflow does not have permission on the operating system profile assigned to the workflow, the workflow fails. |
You can use the following methods to manage domain object permissions:
- •Manage permissions by domain object. Use the Permissions view of a domain object to assign and edit permissions on the object for multiple users or groups.
- •Manage permissions by user or group. Use the Manage Permissions dialog box to assign and edit permissions on domain objects for a specific user or group.
Note: You configure permissions on an operating system profile differently than you configure permissions on other domain objects.
Permissions by Domain Object
Use the Permissions view of a domain object to assign, view, and edit permissions on the domain object for multiple users or groups.
Assigning Permissions on a Domain Object
When you assign permissions on a domain object, you grant users and groups access to the object.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select the domain object.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Click Actions > Assign Permission.
The Assign Permissions dialog box displays all users or groups that do not have permission on the object.
6. Enter the filter conditions to search for users and groups, and click the Filter button.
7. Select a user or group, and click Next.
8. Select Allow, and click Finish.
Viewing Permission Details on a Domain Object
When you view permission details, you can view the origin of effective permissions.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select the domain object.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > View Permission Details.
The Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses permission checking.
7. Click Close.
8. Or, click Edit Permissions to edit direct permissions.
Editing Permissions on a Domain Object
You can edit direct permissions on a domain object for a user or group. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select the domain object.
3. In the contents panel, select the Permissions view.
4. Click the Groups or Users tab.
5. Enter the filter conditions to search for users and groups, and click the Filter button.
6. Select a user or group and click Actions > Edit Direct Permissions.
The Edit Direct Permissions dialog box appears.
7. To assign permission on the object, select Allow.
8. To revoke permission on the object, select Revoke.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
9. Click OK.
Permissions by User or Group
Use the Manage Permissions dialog box to view, assign, and edit domain object permissions for a specific user or group.
Viewing Permission Details for a User or Group
When you view permission details, you can view the origin of effective permissions.
1. In the header of Infomatica Administrator, click Manage > Permissions.
The Manage Permissions dialog box appears.
2. Click the Groups or Users tab.
3. Enter a string to search for users and groups, and click the Filter button.
4. Select a user or group.
5. Select a domain object and click the View Permission Details button.
The Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses permission checking.
6. Click Close.
7. Or, click Edit Permissions to edit direct permissions.
Assigning and Editing Permissions for a User or Group
When you edit domain object permissions for a user or group, you can assign permissions and edit existing direct permissions. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
1. In the header of Infomatica Administrator, click Manage > Permissions.
The Manage Permissions dialog box appears.
2. Click the Groups or Users tab.
3. Enter a string to search for users and groups and click the Filter button.
4. Select a user or group.
5. Select a domain object and click the Edit Direct Permissions button.
The Edit Direct Permissions dialog box appears.
6. To assign permission on the object, select Allow.
7. To revoke permission on the object, select Revoke.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
8. Click OK.
9. Click Close.
Operating System Profile Permissions
Use the Configure Operating System Profiles dialog box to assign, view, and edit permissions on operating system profiles.
Assigning Permissions on an Operating System Profile
When you assign permissions on an operating system profile, PowerCenter users can run workflows assigned to the operating system profile.
1. On the Security tab, click Actions > Configure Operating System Profiles.
The Configure Operating System Profiles dialog box appears.
2. Select the operating system profile, and click the Permissions tab.
3. Select the Groups or Users view, and click the Assign Permission button.
The Assign Permissions dialog box displays all users or groups that do not have permission on the operating system profile.
4. Enter the filter conditions to search for users and groups, and click the Filter button.
5. Select a user or group, and click Next.
6. Select Allow, and click Finish.
Viewing Permission Details on an Operating System Profile
When you view permission details, you can view the origin of effective permissions.
1. On the Security tab, click Actions > Configure Operating System Profiles.
The Configure Operating System Profiles dialog box appears.
2. Select the operating system profile, and click the Permissions tab.
3. Select the Groups or Users view.
4. Enter the filter conditions to search for users and groups, and click the Filter button.
5. Select a user or group and click Actions > View Permission Details.
The Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses permission checking.
6. Click Close.
7. Or, click Edit Permissions to edit direct permissions.
Editing Permissions on an Operating System Profile
You can edit direct permissions on an operating system profile for a user or group. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
1. On the Security tab, click Actions > Configure Operating System Profiles.
The Configure Operating System Profiles dialog box appears.
2. Select the operating system profile, and click the Permissions tab.
3. Select the Groups or Users view.
4. Enter the filter conditions to search for users and groups, and click the Filter button.
5. Select a user or group and click Actions > Edit Direct Permissions.
The Edit Direct Permissions dialog box appears.
6. To assign permission on the operating system profile, select Allow.
7. To revoke permission on the operating system profile, select Revoke.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
8. Click OK.