Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication Setup
  6. Domain Security
  7. Security Management in Informatica Administrator
  8. Users and Groups
  9. Privileges and Roles
  10. Permissions
  11. Audit Reports
  12. Command Line Privileges and Permissions
  13. Custom Roles

infacmd isp Commands

infacmd isp Commands

To run
infacmd isp
commands, users must have one of the listed sets of domain privileges, service privileges, domain object permissions, and connection permissions.
Users must be assigned the Administrator role for the domain to run the following commands:
  • AddDomainLink
  • AssignGroupPermission (on domain)
  • AssignGroupPermission (on operating system profiles)
  • AddServiceLevel
  • AssignUserPermission (on domain)
  • AssignUserPermission (on operating system profiles)
  • CreateOSProfile
  • PurgeLog
  • RemoveDomainLink
  • RemoveOSProfile
  • RemoveServiceLevel
  • SwitchToGatewayNode
  • SwitchToWorkerNode
  • UpdateDomainOptions
  • UpdateGatewayInfo
  • UpdateServiceLevel
  • UpdateSMTPOptions
Users must be assigned the Administrator role for the domain to run the
UpdateGatewayInfo
command.
The following table lists the required privileges and permissions for
infacmd isp
commands:
infacmd isp Command
Privilege Group
Privilege Name
Permission On
GetNodeName
-
-
Node
UpdateGatewayInfo
-
-
-
infacmd isp Command
Privilege Group
Privilege Name
Permission On
AddAlertUser (for your user account)
-
-
-
AddAlertUser (for other users)
Security Administration
Manage Users, Groups, and Roles
-
AddConnectionPermissions
-
-
Grant on connection
AddDomainLink
-
-
-
AddDomainNode
Domain Administration
Manage Nodes and Grids
Domain and node
AssignGroupPermission (on application services or license objects)
Domain Administration
Manage Services
Application service or license object
AssignGroupPermission (on domain)
-
-
-
AssignGroupPermission (on folders)
Domain Administration
Manage Domain Folders
Folder
AssignGroupPermission (on nodes and grids)
Domain Administration
Manage Nodes and Grids
Node or grid
AssignGroupPermission (on operating system profiles)
-
-
-
AddGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
AddLicense
Domain Administration
Manage Services
Domain or parent folder
AddNodeResource
Domain Administration
Manage Nodes and Grids
Node
AddRolePrivilege
Security Administration
Manage Users, Groups, and Roles
-
AddServiceLevel
-
-
-
AssignUserPermission (on application services or license objects)
Domain Administration
Manage Services
Application service or license object
AssignUserPermission (on domain)
-
-
-
AssignUserPermission (on folders)
Domain Administration
Manage Domain Folders
Folder
AssignUserPermission (on nodes or grids)
Domain Administration
Manage Nodes and Grids
Node or grid
AssignUserPermission (on operating system profiles)
-
-
-
AssignUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
AssignUserToGroup
Security Administration
Manage Users, Groups, and Roles
-
AssignedToLicense
Domain Administration
Manage Services
License object and application service
AssignISTOMMService
Domain Administration
Manage Services
Metadata Manager Service
AssignLicense
Domain Administration
Manage Services
License object and application service
AssignRoleToGroup
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
AssignRoleToUser
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
AssignRSToWSHubService
Domain Administration
Manage Services
PowerCenter Repository Service and Web Services Hub
ConvertLogFile
-
-
Domain or application service
CreateFolder
Domain Administration
Manage Domain Folders
Domain or parent folder
CreateConnection
-
-
-
CreateGrid
Domain Administration
Manage Nodes and Grids
Domain or parent folder and nodes assigned to grid
CreateGroup
Security Administration
Manage Users, Groups, and Roles
-
CreateIntegrationService
Domain Administration
Manage Services
Domain or parent folder, node or grid where PowerCenter Integration Service runs, license object, and associated PowerCenter Repository Service
CreateMMService
Domain Administration
Manage Services
Domain or parent folder, node where Metadata Manager Service runs, license object, and associated PowerCenter Integration Service and PowerCenter Repository Service
CreateOSProfile
-
-
-
CreateReportingService
Domain Administration
Manage Services
Domain or parent folder, node where Reporting Service runs, license object, and the application service selected for reporting
CreateRepositoryService
Domain Administration
Manage Services
Domain or parent folder, node where PowerCenter Repository Service runs, and license object
CreateRole
Security Administration
Manage Users, Groups, and Roles
-
CreateSAPBWService
Domain Administration
Manage Services
Domain or parent folder, node or grid where SAP BW Service runs, license object, and associated PowerCenter Integration Service
CreateUser
Security Administration
Manage Users, Groups, and Roles
-
CreateWSHubService
Domain Administration
Manage Services
Domain or parent folder, node or grid where Web Services Hub runs, license object, and associated PowerCenter Repository Service
DisableNodeResource
Domain Administration
Manage Nodes and Grids
Node
DisableService (for Metadata Manager Service)
Domain Administration
Manage Service Execution
Metadata Manager Service and associated PowerCenter Integration Service and PowerCenter Repository Service
DisableService (for all other application services)
Domain Administration
Manage Service Execution
Application service
DisableServiceProcess
Domain Administration
Manage Service Execution
Application service
DisableUser
Security Administration
Manage Users, Groups, and Roles
-
EditUser
Security Administration
Manage Users, Groups, and Roles
-
EnableNodeResource
Domain Administration
Manage Nodes and Grids
Node
EnableService (for Metadata Manager Service)
Domain Administration
Manage Service Execution
Metadata Manager Service, and associated PowerCenter Integration Service and PowerCenter Repository Service
EnableService (for all other application services)
Domain Administration
Manage Service Execution
Application service
EnableServiceProcess
Domain Administration
Manage Service Execution
Application service
EnableUser
Security Administration
Manage Users, Groups, and Roles
-
ExportDomainObjects (for users, groups, and roles)
Security Administration
Manage Users, Groups, and Roles
-
ExportDomainObjects (for connections)
Domain Administration
Manage Connections
Read on connections
ExportUsersAndGroups
Security Administration
Manage Users, Groups, and Roles
-
GetFolderInfo
-
-
Folder
GetLastError
-
-
Application service
GetLog
-
-
Domain or application service
GetNodeName
-
-
Node
GetServiceOption
-
-
Application service
GetServiceProcessOption
-
-
Application service
GetServiceProcessStatus
-
-
Application service
GetServiceStatus
-
-
Application service
GetSessionLog
Run-time Objects
Monitor
Read on repository folder
GetWorkflowLog
Run-time Objects
Monitor
Read on repository folder
Help
-
-
-
ImportDomainObjects (for users, groups, and roles)
Security Administration
Manage Users, Groups, and Roles
-
ImportDomainObjects (for connections)
Domain Administration
Manage Connections
Write on connections
ImportUsersAndGroups
Security Administration
Manage Users, Groups, and Roles
-
ListAlertUsers
-
-
Domain
ListAllGroups
-
-
-
ListAllRoles
-
-
-
ListAllUsers
-
-
-
ListConnectionOptions
-
-
Read on connection
ListConnections
-
-
-
ListConnectionPermissions
-
-
-
ListConnectionPermissions by Group
-
-
-
ListConnectionPermissions by User
-
-
-
ListDomainLinks
-
-
Domain
ListDomainOptions
-
-
Domain
ListFolders
-
-
Folders
ListGridNodes
-
-
-
ListGroupsForUser
-
-
Domain
ListGroupPermissions
-
-
-
ListGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
ListLDAPConnectivity
Security Administration
Manage Users, Groups, and Roles
-
ListLicenses
-
-
License objects
listMonitoringOptions
Monitoring
Monitoring Configuration
Domain
ListNodeOptions
-
-
Node
ListNodes
-
-
-
ListNodeResources
-
-
Node
ListPlugins
-
-
-
ListRepositoryLDAPConfiguration
-
-
Domain
ListRolePrivileges
-
-
-
ListSecurityDomains
Security Administration
Manage Users, Groups, and Roles
-
ListServiceLevels
-
-
Domain
ListServiceNodes
-
-
Application service
ListServicePrivileges
-
-
-
ListServices
-
-
-
ListSMTPOptions
-
-
Domain
ListUserPermissions
-
-
-
ListUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
MoveFolder
Domain Administration
Manage Domain Folders
Original and destination folders
MoveObject (for application services or license objects)
Domain Administration
Manage Services
Original and destination folders
MoveObject (for nodes or grids)
Domain Administration
Manage Nodes and Grids
Original and destination folders
Ping
-
-
-
PurgeLog
-
-
-
purgeMonitoringData
Monitoring
Monitoring Configuration
Domain
RemoveAlertUser (for your user account)
-
-
-
RemoveAlertUser (for other users)
Security Administration
Manage Users, Groups, and Roles
-
RemoveConnection
-
-
Write on connection
RemoveConnectionPermissions
-
-
Grant on connection
RemoveDomainLink
-
-
-
RemoveFolder
Domain Administration
Manage Domain Folders
Domain or parent folder and folder being removed
RemoveGrid
Domain Administration
Manage Nodes and Grids
Domain or parent folder and grid
RemoveGroup
Security Administration
Manage Users, Groups, and Roles
-
RemoveGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
RemoveLicense
Domain Administration
Manage Services
Domain or parent folder and license object
RemoveNode
Domain Administration
Manage Nodes and Grids
Domain or parent folder and node
RemoveNodeResource
Domain Administration
Manage Nodes and Grids
Node
RemoveOSProfile
-
-
-
RemoveRole
Security Administration
Manage Users, Groups, and Roles
-
RemoveRolePrivilege
Security Administration
Manage Users, Groups, and Roles
-
RemoveService
Domain Administration
Manage Services
Domain or parent folder and application service
RemoveServiceLevel
-
-
-
RemoveUser
Security Administration
Manage Users, Groups, and Roles
-
RemoveUserFromGroup
Security Administration
Manage Users, Groups, and Roles
-
RemoveUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
RenameConnection
-
-
Write on connection
ResetPassword (for your user account)
-
-
-
ResetPassword (for other users)
Security Administration
Manage Users, Groups, and Roles
-
RunCPUProfile
Domain Administration
Manage Nodes and Grids
Node
SetConnectionPermission
-
-
Grant on connection
SetLDAPConnectivity
Security Administration
Manage Users, Groups, and Roles
-
SetRepositoryLDAPConfiguration
-
-
Domain
ShowLicense
-
-
License object
ShutdownNode
Domain Administration
Manage Nodes and Grids
Node
SwitchToGatewayNode
-
-
-
SwitchToWorkerNode
-
-
-
UnAssignISMMService
Domain Administration
Manage Services
PowerCenter Integration Service and Metadata Manager Service
UnassignLicense
Domain Administration
Manage Services
License object and application service
UnAssignRoleFromGroup
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
UnAssignRoleFromUser
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, PowerCenter Repository Service, or Reporting Service
UnassignRSWSHubService
Domain Administration
Manage Services
PowerCenter Repository Service and Web Services Hub
UnassociateDomainNode
Domain Administration
Manage Nodes and Grids
Node
UpdateConnection
-
-
Write on connection
UpdateDomainOptions
-
-
-
UpdateFolder
Domain Administration
Manage Domain Folders
Folder
UpdateGatewayInfo
-
-
-
UpdateGrid
Domain Administration
Manage Nodes and Grids
Grid and nodes
UpdateIntegrationService
Domain Administration
Manage Services
PowerCenter Integration Service
UpdateLicense
Domain Administration
Manage Services
License object
UpdateMMService
Domain Administration
Manage Services
Metadata Manager Service
updateMonitoringOptions
Monitoring
Monitoring Configuration
Domain
UpdateNodeOptions
Domain Administration
Manage Nodes and Grids
Node
UpdateNodeRole
Domain Administration
Manage Nodes and Grids
Node
UpdateOSProfile
Security Administration
Manage Users, Groups, and Roles
Operating system profile
UpdateReportingService
Domain Administration
Manage Services
Reporting Service
UpdateRepositoryService
Domain Administration
Manage Services
PowerCenter Repository Service
UpdateSAPBWService
Domain Administration
Manage Services
SAP BW Service
UpdateServiceLevel
-
-
-
UpdateServiceProcess
Domain Administration
Manage Services
PowerCenter Integration Service
Each node added to the PowerCenter Integration Service
UpdateSMTPOptions
-
-
-
UpdateWSHubService
Domain Administration
Manage Services
Web Services Hub


Updated April 29, 2019