Table of Contents

Search

  1. Preface
  2. Analyst Service
  3. Content Management Service
  4. Data Integration Service
  5. Data Integration Service Architecture
  6. Data Integration Service Management
  7. Data Integration Service Grid
  8. Data Integration Service Applications
  9. Mass Ingestion Service
  10. Metadata Access Service
  11. Metadata Manager Service
  12. Model Repository Service
  13. PowerCenter Integration Service
  14. PowerCenter Integration Service Architecture
  15. High Availability for the PowerCenter Integration Service
  16. PowerCenter Repository Service
  17. PowerCenter Repository Management
  18. PowerExchange Listener Service
  19. PowerExchange Logger Service
  20. SAP BW Service
  21. Search Service
  22. System Services
  23. Test Data Manager Service
  24. Test Data Warehouse Service
  25. Web Services Hub
  26. Application Service Upgrade
  27. Application Service Databases
  28. Connecting to Databases from Windows
  29. Connecting to Databases from UNIX
  30. Updating the DynamicSections Parameter of a DB2 Database

Pass-through Security

Pass-through Security

Pass-through security is the capability to connect to an SQL data service or an external source with the client user credentials instead of the credentials from a connection object.
Users might have access to different sets of data based on the job in the organization. Client systems restrict access to databases by the user name and the password. When you create an SQL data service, you might combine data from different systems to create one view of the data. However, when you define the connection to the SQL data service, the connection has one user name and password.
If you configure pass-through security, you can restrict users from some of the data in an SQL data service based on their user name. When a user connects to the SQL data service, the Data Integration Service ignores the user name and the password in the connection object. The user connects with the client user name or the LDAP user name.
A web service operation mapping might need to use a connection object to access data. If you configure pass-through security and the web service uses WS-Security, the web service operation mapping connects to a source using the user name and password provided in the web service SOAP request.
Configure pass-through security for a connection in the connection properties of the Administrator tool or with infacmd dis UpdateServiceOptions. You can set pass-through security for connections to deployed applications. You cannot set pass-through security in the Developer tool. Only SQL data services and web services recognize the pass-through security configuration.
For more information about configuring security for SQL data services, see the Informatica How-To Library article "How to Configure Security for SQL Data Services": https://kb.informatica.com/h2l/HowTo%20Library/1/0266_ConfiguringSecurityForSQLDataServices.pdf.

Example

An organization combines employee data from multiple databases to present a single view of employee data in an SQL data service. The SQL data service contains data from the Employee and Compensation databases. The Employee database contains name, address, and department information. The Compensation database contains salary and stock option information.
A user might have access to the Employee database but not the Compensation database. When the user runs a query against the SQL data service, the Data Integration Service replaces the credentials in each database connection with the user name and the user password. The query fails if the user includes salary information from the Compensation database.