After you import user accounts into an LDAP security domain, you can manage the accounts using Informatica clients and the LDAP directory service.
You can assign roles, privileges, and permissions to user accounts in the LDAP security domain using the Administrator tool or the infacmd isp migrateusers command. An LDAP directory service stores the credentials for Informatica user accounts. A directory service does not store user roles, privileges, and permissions.
See "Assigning Privileges and Roles to Users and Groups" in the Informatica Security Guide for instructions on assigning roles, privileges, and permissions to user accounts using the Administrator tool. See the Informatica Command Reference for instructions on migrating native user roles, privileges, and permissions to the corresponding accounts in the LDAP security domain using the infacmd isp migrateusers command.
You must use the Administrator tool to enable or disable a user account in an LDAP security domain. The Service Manager does not import the LDAP attribute that indicates that a user account is enabled or disabled.
However, the status of a user account in the LDAP directory service affects user authentication for the Informatica applications. Whether a user account that is disabled in the LDAP directory service can log in to Informatica applications depends on whether the LDAP directory service allows disabled user accounts to log in. For example, an Informatica user account can log in to Informatica applications even if the user is disabled in the LDAP directory service, provided that the directory service allows disabled user accounts to log in.
You must make changes to LDAP users and groups in the LDAP directory service, then synchronize the LDAP security domain with the LDAP directory service. You cannot use the Administrator tool to create, edit, or delete users and groups in an LDAP security domain.
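Because the Service Manager does not import the directory's enabled or disabled attribute, the two states can drift apart between reviews. The following Python example is added here and is not Informatica code: it compares a directory export with the accounts in the LDAP security domain and lists accounts that are disabled in the directory but still enabled in Informatica, plus accounts that no longer appear in the export. The attribute names (Active Directory's userAccountControl, nsAccountLock on 389-style directories), the LDIF sample, and the account snapshot are assumptions constructed for illustration.

```python
# Added example; every name and value below is constructed for illustration.
ACCOUNTDISABLE = 0x0002  # Active Directory userAccountControl flag
# Constructed LDIF-style directory export, entries separated by blank lines.
SAMPLE_LDIF = """\
dn: CN=alice,OU=Users,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512

dn: CN=bob,OU=Users,DC=example,DC=com
sAMAccountName: bob
userAccountControl: 514

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
nsAccountLock: TRUE
"""
# Hypothetical snapshot of the LDAP security domain: login name -> enabled in Informatica.
SAMPLE_INFA = {"alice": True, "bob": True, "carol": False, "erin": True}

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {lowercased attr: value} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[attr.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def is_disabled(entry):
    """True when the directory marks the entry disabled (AD flag or nsAccountLock)."""
    return bool(int(entry.get("useraccountcontrol", "0")) & ACCOUNTDISABLE) \
        or entry.get("nsaccountlock", "").lower() == "true"

def audit(ldif_text, infa_accounts):
    """Return (disabled in LDAP but enabled in Informatica, absent from the export)."""
    by_name = {}
    for e in parse_ldif(ldif_text):
        name = e.get("samaccountname") or e.get("uid")
        if name:
            by_name[name.lower()] = e
    stale = sorted(u for u, enabled in infa_accounts.items()
                   if enabled and u.lower() in by_name and is_disabled(by_name[u.lower()]))
    missing = sorted(u for u in infa_accounts if u.lower() not in by_name)
    return stale, missing

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, SAMPLE_INFA))
```

Accounts in the first list are candidates for disabling in the Administrator tool; accounts in the second list should disappear from the security domain after the next synchronization.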
To permanently deny users in an LDAP security domain access to Informatica applications, you can delete the LDAP security domain. When you delete an LDAP security domain, the Service Manager deletes all user accounts and groups in the LDAP security domain from the Informatica domain configuration database.