English
  • PowerCenter 10.2 HotFix 1
  • All Products

Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles

Security Guide

Security Guide

Back Next

Denying Permissions on an SQL Data Service

Denying Permissions on an SQL Data Service

You can explicitly deny permissions on some SQL data service objects. When you deny a permission on an object in an SQL data service, you are applying an exception to the effective permission.
To deny permissions use one of the following infacmd commands:
  • infacmd sql SetStoredProcedurePermissions. Denies Execute or Grant permissions at the stored procedure level.
  • infacmd sql SetTablePermissions. Denies Select and Grant permissions at the virtual table level.
  • infacmd sql SetColumnPermissions. Denies Select permission at the column level.
Each command has options to apply permissions (-ap) and deny permissions (-dp). The SetColumnPermissions command does not include the apply permissions option.
You cannot deny permissions from the Administrator tool.
The Data Integration Service verifies permissions before running SQL queries and stored procedures against the virtual database. The Data Integration Service validates the permissions for users or groups starting at the SQL data service level. When permissions apply to a parent object in an SQL data service, the child objects inherit the permission. The Data Integration Service checks for denied permissions at the column level.