Table of Contents

Search

  1. Preface
  2. Analyst Service
  3. Catalog Service
  4. Content Management Service
  5. Data Integration Service
  6. Data Integration Service Architecture
  7. Data Integration Service Management
  8. Data Integration Service Grid
  9. Data Integration Service Applications
  10. Interactive Data Preparation Service
  11. Enterprise Data Preparation Service
  12. Informatica Cluster Service
  13. Mass Ingestion Service
  14. Metadata Access Service
  15. Metadata Manager Service
  16. Model Repository Service
  17. PowerCenter Integration Service
  18. PowerCenter Integration Service Architecture
  19. High Availability for the PowerCenter Integration Service
  20. PowerCenter Repository Service
  21. PowerCenter Repository Management
  22. PowerExchange Listener Service
  23. PowerExchange Logger Service
  24. SAP BW Service
  25. Search Service
  26. System Services
  27. Test Data Manager Service
  28. Test Data Warehouse Service
  29. Web Services Hub
  30. Application Service Upgrade
  31. Appendix A: Application Service Databases
  32. Appendix B: Connecting to Databases from Windows
  33. Appendix C: Connecting to Databases
  34. Appendix D: Updating the DynamicSections Parameter of a DB2 Database

Pass-through Security

Pass-through Security

Pass-through security is the capability to connect to an SQL data service or an external source with the client user credentials instead of the credentials from a connection object.
Users might have access to different sets of data based on the job in the organization. Client systems restrict access to databases by the user name and the password. When you create an SQL data service, you might combine data from different systems to create one view of the data. However, when you define the connection to the SQL data service, the connection has one user name and password.
If you configure pass-through security, you can restrict users from some of the data in an SQL data service based on their user name. When a user connects to the SQL data service, the Data Integration Service ignores the user name and the password in the connection object. The user connects with the client user name or the LDAP user name.
A web service operation mapping might need to use a connection object to access data. If you configure pass-through security and the web service uses WS-Security, the web service operation mapping connects to a source using the user name and password provided in the web service SOAP request.
Configure pass-through security for a connection in the connection properties of the Administrator tool or with infacmd dis UpdateServiceOptions. You can set pass-through security for connections to deployed applications. You cannot set pass-through security in the Developer tool. Only SQL data services and web services recognize the pass-through security configuration.
For more information about configuring security for SQL data services, see the Informatica How-To Library article "How to Configure Security for SQL Data Services": https://kb.informatica.com/h2l/HowTo%20Library/1/0266_ConfiguringSecurityForSQLDataServices.pdf.

Example

An organization combines employee data from multiple databases to present a single view of employee data in an SQL data service. The SQL data service contains data from the Employee and Compensation databases. The Employee database contains name, address, and department information. The Compensation database contains salary and stock option information.
A user might have access to the Employee database but not the Compensation database. When the user runs a query against the SQL data service, the Data Integration Service replaces the credentials in each database connection with the user name and the user password. The query fails if the user includes salary information from the Compensation database.