Verify Privileges and Permissions for the User Accounts

Before you enable Kerberos authentication, verify that the users in the LDAP security domain have the correct groups, roles, privileges, and permissions. You can use infacmd to verify groups, roles, privileges, and permissions for the user accounts in the LDAP security domain.
Verify that the following objects migrated successfully:

Users and groups
    To determine the groups that user accounts belong to, get a list of the users and associated groups. Run the following command:
        infacmd aud getUserGroupAssociation

Roles
    To get the list of roles associated with the domain users and groups, run the following command:
        infacmd aud getUserGroupAssociationForRoles

Privileges
    To get a list of the privileges assigned to the users and groups in the domain, run the following command:
        infacmd aud getPrivilegeAssociation

Permissions
    To get a list of the permissions assigned to the users and groups in the domain, run the following command:
        infacmd aud getDomainObjectPermissions

Permissions on folders and global objects
    If the domain contains a PowerCenter Repository Service, verify permissions for PowerCenter folders and global repository objects assigned to the user accounts. The PowerCenter repository can have the following objects:
      • Folders
      • Deployment groups
      • Labels
      • Queries
      • Connections

After you configure the domain to use Kerberos authentication, you cannot modify the native user accounts.
After you confirm that the groups, roles, privileges, and permissions for the native user accounts have been successfully moved to the LDAP user accounts, delete the native user accounts. Use the Administrator tool to delete the user accounts. For more information, see Deleting Native Users.
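
One way to do the confirmation step before deleting native accounts, as an added example that is not part of the Informatica guide or tooling: a script that reports every group, role, privilege, or permission a native account holds that the LDAP account with the same login name lacks. It assumes you have normalized the four infacmd aud reports into one CSV; the column layout, the security domain names (Native, CORP_LDAP), and all users and entitlements below are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per entitlement, normalized by the reader from the
# infacmd aud reports. This column layout is an assumption, not infacmd output.
SAMPLE = """security_domain,user,kind,entitlement
Native,jsmith,group,Developers
Native,jsmith,role,Administrator
Native,jsmith,privilege,Manage Services
Native,jsmith,permission,Folder:Sales
CORP_LDAP,jsmith,group,Developers
CORP_LDAP,jsmith,role,Administrator
CORP_LDAP,jsmith,permission,Folder:Sales
Native,adoe,group,Operators
CORP_LDAP,adoe,group,Operators
Native,bkhan,group,Operators
"""

def load(text):
    """Return {security_domain: {user: {(kind, entitlement), ...}}}."""
    table = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        domain, user = row["security_domain"].strip(), row["user"].strip()
        table[domain][user].add((row["kind"].strip(), row["entitlement"].strip()))
    return table

def migration_gaps(text, native="Native", ldap="CORP_LDAP"):
    """Map each native user to the entitlements its LDAP account is missing.

    None means the LDAP domain has no rows at all for that login name.
    Fully migrated users are omitted, so an empty dict means no gaps were found.
    """
    table = load(text)
    gaps = {}
    for user, wanted in table[native].items():
        if user not in table[ldap]:
            gaps[user] = None
            continue
        missing = sorted(wanted - table[ldap][user])
        if missing:
            gaps[user] = missing
    return gaps

if __name__ == "__main__":
    for user, missing in sorted(migration_gaps(SAMPLE).items()):
        print(user, "NO LDAP ROWS" if missing is None else missing)
```

Delete a native account only when it does not appear in the result; an LDAP account that ends up with fewer privileges than its native counterpart is a silent access change, and one reported as None has no entitlements recorded at all.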


Updated April 29, 2019