Table of Contents


  1. Preface
  2. Command Line Programs and Utilities
  3. Installing and Configuring Command Line Utilities
  4. Using the Command Line Programs
  5. Environment Variables for Command Line Programs
  6. Using infacmd
  7. infacmd as Command Reference
  8. infacmd aud Command Reference
  9. Infacmd bg Command Reference
  10. infacmd cms Command Reference
  11. infacmd dis Command Reference
  12. Infacmd es Command Reference
  13. infacmd ipc Command Reference
  14. infacmd isp Command Reference
  15. infacmd ldm Command Reference
  16. infacmd mrs Command Reference
  17. infacmd ms Command Reference
  18. infacmd oie Command Reference
  19. infacmd ps Command Reference
  20. infacmd pwx Command Reference
  21. infacmd rms Command Reference
  22. infacmd rtm Command Reference
  23. infacmd sch Command Reference
  24. infacmd search Command Reference
  25. infacmd sql Command Reference
  26. infacmd tdm Command Reference
  27. infacmd wfs Command Reference
  28. infacmd ws Command Reference
  29. infacmd xrf Command Reference
  30. infacmd Control Files
  31. infasetup Command Reference
  32. pmcmd Command Reference
  33. pmrep Command Reference
  34. Working with pmrep Files



Assigns a privilege to a role in the domain. You can assign privileges to a role for the domain. You can also assign role privileges for each application service in the domain.
The infacmd isp AddRolePrivilege command uses the following syntax:
AddRolePrivilege <-DomainName|-dn> domain_name <-UserName|-un> user_name <-Password|-pd> password [<-SecurityDomain|-sdn> security_domain] [<-Gateway|-hp> gateway_host1:port gateway_host2:port...] [<-ResilienceTimeout|-re> timeout_period_in_seconds] <-RoleName|-rn> role_name <-ServiceType|-st> service_type AS|CMS|MM|MRS|RPS|RS|DOMAIN <-PrivilegePath|-pp> path_of_privilege
The following table describes infacmd isp AddRolePrivilege options and arguments:
Required. Name of the Informatica domain. You can set the domain name with the -dn option or the environment variable INFA_DEFAULT_DOMAIN. If you set a domain name with both methods, the -dn option takes precedence.
Required if the domain uses Native or LDAP authentication. User name to connect to the domain. You can set the user name with the -un option or the environment variable INFA_DEFAULT_DOMAIN_USER. If you set a user name with both methods, the -un option takes precedence.
Optional if the domain uses Kerberos authentication. To run the command with single sign-on, do not set the user name. If you set the user name, the command runs without single sign-on.
Required if you specify the user name. Password for the user name. The password is case sensitive. You can set a password with the -pd option or the environment variable INFA_DEFAULT_DOMAIN_PASSWORD. If you set a password with both methods, the password set with the -pd option takes precedence.
Required if the domain uses LDAP authentication. Optional if the domain uses native authentication or Kerberos authentication. Name of the security domain to which the domain user belongs. You can set a security domain with the -sdn option or the environment variable INFA_DEFAULT_SECURITY_DOMAIN. If you set a security domain name with both methods, the -sdn option takes precedence. The security domain name is case sensitive.
If the domain uses native or LDAP authentication, the default is Native. If the domain uses Kerberos authentication, the default is the LDAP security domain created during installation. The name of the security domain is the same as the user realm specified during installation.
gateway_host1:port gateway_host2:port ...
Required if the gateway connectivity information in the domains.infa file is out of date.The host names and port numbers for the gateway nodes in the domain.
Optional. Amount of time in seconds that infacmd attempts to establish or reestablish a connection to the domain. If you omit this option, infacmd uses the timeout value specified in the INFA_CLIENT_RESILIENCE_TIMEOUT environment variable. If no value is specified in the environment variable, the default of 180 seconds is used.
Required. Name of the role to which you are assigning the privilege. To enter a name that contains a space or other non-alphanumeric character, enclose the name in quotation marks.
Required. Domain or application service type to which you assign the privilege for the role.
Service types include:
  • AS. Analyst Service
  • CMS. Content Management Service
  • MM. Metadata Manager Service
  • MRS. Model Repository Service
  • RPS. Reporting Service
  • RS. PowerCenter Repository Service
  • DOMAIN. Domain
Required. Fully-qualified name of the privilege you want to assign to the group. A fully-qualified name includes privilege group name and privilege name. For example, a fully-qualified privilege name for the Repository Service is folder/create. If the privilege name includes spaces, enclose the path in quotation marks as follows:
“Runtime Objects/Monitor/Execute/Manage Execution”
If the privilege name includes the special character “/”, add the escape character “/”before it as follows:
“Model/View Model/Export\/Import Models”

Updated April 22, 2019