Table of Contents

Search

  1. Preface
  2. User administration
  3. Ecosystem single sign-on
  4. SAML single sign-on
  5. Users
  6. User groups
  7. User roles
  8. User configuration examples
  9. Editing your user profile
  10. Editing your user settings
  11. Inviting users to join your organization
  12. Notifications

User Administration

User Administration

User configuration examples

User configuration examples

The following examples illustrate ways in which you can configure users, user groups, and roles to control access to
Informatica Intelligent Cloud Services
according to your business needs.
You want your development team to create tasks and taskflows in
Data Integration
. The development team needs to view sample data in development, but you want to restrict access to production data.
  1. Create a Developer role for the development team. Configure the role with all privileges for tasks and related assets, but only the Read privilege for connections.
  2. Create a Development Team user group and add all members of the development team to the group.
  3. Assign the Developer role to the Development Team group.
  4. If possible, create development connections to sample data. If you have both development and production connections, configure the production connections so that the Development Team group does not have read permission for these connections. This prevents users in the Development Team group from using production connections in tasks.
  5. After testing is complete and tasks are ready to move into production, have an administrator or other qualified user configure the tasks to use production connections.
  6. Edit the Developer role and remove the privilege to run tasks. If development is complete for a task type, you can also remove the privileges to read and update the tasks. By removing the read privilege, you prevent users with the Developer role from accessing information about production tasks.
You have a reporting team that needs to run tasks in
Data Integration
, but does not have the technical knowledge to configure tasks safely.
  1. Create a Reporter role for the reporting team. Configure the role with privileges to read and run tasks and taskflows, and privileges to read, create, and update schedules. Do not enable privileges to create, update, delete or set permissions on assets in the organization.
  2. Create a Reporting Team user group and add all members of the reporting team to the group.
  3. Assign the Reporter role to the Reporting Team group.
You want a security administrator who can assign roles and user groups and configure access control, but cannot create, edit, or run tasks.
  1. Create a custom role called Security Administrator.
  2. Edit the Security Administrator role and grant all privileges except the privileges to create, update, delete, and run tasks, connections, and schedules.
  3. Assign the Security Administrator role to the security administrator.
You want to easily keep track of your organization administrators.
Create a user group called "Organization Administrators" and assign the Admin role to the group. Add all of your organization administrators to the group.
Your organization uses an OrderProcessing API to manage orders to a large supplier. This API consists of processes in
Application Integration
that include CreateOrder, ApproveOrder, and GetOrder. As an Admin, you want to restrict access to the ApproveOrder process to a few people.
  1. Create a custom role called Approver. Configure the Run privilege for Application Integration Assets for the Approver role.
  2. Create a user group called Order Approvers.
  3. Assign the Approver role to the Order Approvers group.
  4. Assign the Service Consumer role to the Order Approvers group. You must do this as the Service Consumer role can access and invoke processes.
  5. Assign the users who need to be able to invoke the ApproveOrder process to the Order Approvers group.
  6. In the ApproveOrder process, you must configure one of the following fields:
    • To assign access to a group of users, enter the Order Approvers group in the
      Allowed Groups
      field.
    • To assign access to a specific user, enter the user in the
      Allowed Users
      field. You can enter more than one user in the field.
Only members of the Order Approvers group or the users specified in the
Allowed Users
field will be able to invoke the ApproveOrder process.
You want an
Application Integration
developer to be able to perform all functions in the
Application Integration Console
except for viewing detailed process logs.
  1. Create a role called Custom_Dev and configure the role with the following privileges:
    1. Select the
      Application Integration
      service, go to the
      Assets
      tab, and enable all CRUD privileges for
      Application Integration Assets
      .
    2. Go to the
      Features
      tab and add the Development, Console Administration, Publish Application Integration Assets, View Application Integration Console, and View Application Integration Designer privileges to the role.
    3. Select the
      Data Integration
      service, go to the
      Assets
      tab, and enable all CRUD privileges for the
      Project
      and
      Folder
      assets.
  2. Assign the Custom_Dev role to the developer.

0 COMMENTS

We’d like to hear from you!