Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

infacmd isp Commands

infacmd isp Commands

To run infacmd isp commands, users must have one of the listed sets of domain privileges, service privileges, domain object permissions, and connection permissions.
Users must be assigned the Administrator role for the domain to run the following commands:
  • AddDomainLink
  • AssignGroupPermission (on domain)
  • AssignGroupPermission (on operating system profiles)
  • AddServiceLevel
  • AssignUserPermission (on domain)
  • AssignUserPermission (on operating system profiles)
  • CreateConnection
  • CreateOSProfile
  • PurgeLog
  • RemoveDomainLink
  • RemoveOSProfile
  • RemoveServiceLevel
  • SwitchToGatewayNode
  • SwitchToWorkerNode
  • UpdateDomainOptions
  • UpdateGatewayInfo
  • UpdateServiceLevel
  • UpdateSMTPOptions
The following table lists the required privileges and permissions for infacmd isp commands:
infacmd isp Command Privilege Group Privilege Name Permission On
AddAlertUser (for your user account) - - -
AddAlertUser (for other users) Security Administration Manage Users, Groups, and Roles -
AddConnectionPermissions - - Grant on connection
AddDomainLink - - -
AddDomainNode Domain Administration Manage Nodes and Grids Domain and node
AssignGroupPermission (on application services or license objects) Domain Administration Manage Services Application service or license object
AssignGroupPermission (on domain) - - -
AssignGroupPermission (on folders)
Domain Administration
Manage Domain Folders Folder
AssignGroupPermission (on nodes and grids)
Domain Administration
Manage Nodes and Grids
Node or grid
AssignGroupPermission (on operating system profiles)
-
- -
AddGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
AddLicense
Domain Administration
Manage Services
Domain or parent folder
AddNodeResource
Domain Administration
Manage Nodes and Grids
Node
AddRolePrivilege
Security Administration
Manage Users, Groups, and Roles
-
AddServiceLevel
-
-
-
AssignUserPermission (on application services or license objects)
Domain Administration
Manage Services
Application service or license object
AssignUserPermission (on domain)
-
-
-
AssignUserPermission (on folders)
Domain Administration
Manage Domain Folders
Folder
AssignUserPermission (on nodes or grids)
Domain Administration
Manage Nodes and Grids
Node or grid
AssignUserPermission (on operating system profiles)
-
-
-
AssignUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
AssignUserToGroup
Security Administration
Manage Users, Groups, and Roles
-
AssignedToLicense
Domain Administration
Manage Services
License object and application service
AssignISTOMMService
Domain Administration
Manage Services
Metadata Manager Service
AssignLicense
Domain Administration
Manage Services
License object and application service
AssignRoleToGroup
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
AssignRoleToUser
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
AssignRSToWSHubService
Domain Administration
Manage Services
PowerCenter Repository Service and Web Services Hub
ConvertLogFile
-
-
Domain or application service
CreateFolder
Domain Administration
Manage Domain Folders
Domain or parent folder
CreateConnection
-
-
-
CreateGrid
Domain Administration
Manage Nodes and Grids
Domain or parent folder and nodes assigned to grid
CreateGroup
Security Administration
Manage Users, Groups, and Roles
-
CreateIntegrationService
Domain Administration
Manage Services
Domain or parent folder, node or grid where PowerCenter Integration Service runs, license object, and associated PowerCenter Repository Service
CreateMMService
Domain Administration
Manage Services
Domain or parent folder, node where Metadata Manager Service runs, license object, and associated PowerCenter Integration Service and PowerCenter Repository Service
CreateOSProfile
-
-
-
CreateRepositoryService
Domain Administration
Manage Services
Domain or parent folder, node where PowerCenter Repository Service runs, and license object
CreateRole
Security Administration
Manage Users, Groups, and Roles
-
CreateSAPBWService
Domain Administration
Manage Services
Domain or parent folder, node or grid where SAP BW Service runs, license object, and associated PowerCenter Integration Service
CreateUser
Security Administration
Manage Users, Groups, and Roles
-
CreateWSHubService
Domain Administration
Manage Services
Domain or parent folder, node or grid where Web Services Hub runs, license object, and associated PowerCenter Repository Service
DisableNodeResource
Domain Administration
Manage Nodes and Grids
Node
DisableService (for Metadata Manager Service)
Domain Administration
Manage Service Execution
Metadata Manager Service and associated PowerCenter Integration Service and PowerCenter Repository Service
DisableService (for all other application services)
Domain Administration
Manage Service Execution
Application service
DisableServiceProcess
Domain Administration
Manage Service Execution
Application service
DisableUser
Security Administration
Manage Users, Groups, and Roles
-
EditUser
Security Administration
Manage Users, Groups, and Roles
-
EnableNodeResource
Domain Administration
Manage Nodes and Grids
Node
EnableService (for Metadata Manager Service)
Domain Administration
Manage Service Execution
Metadata Manager Service, and associated PowerCenter Integration Service and PowerCenter Repository Service
EnableService (for all other application services)
Domain Administration
Manage Service Execution
Application service
EnableServiceProcess
Domain Administration
Manage Service Execution
Application service
EnableUser
Security Administration
Manage Users, Groups, and Roles
-
ExportDomainObjects (for users, groups, and roles)
Security Administration
Manage Users, Groups, and Roles
-
ExportDomainObjects (for connections)
Domain Administration
Manage Connections
Read on connections
ExportUsersAndGroups
Security Administration
Manage Users, Groups, and Roles
-
generateHadoopConnectionFromHiveConection
-
-
-
GetFolderInfo
-
-
Folder
GetLastError
-
-
Application service
GetLog
-
-
Domain or application service
GetNodeName
-
-
Node
GetServiceOption
-
-
Application service
GetServiceProcessOption
-
-
Application service
GetServiceProcessStatus
-
-
Application service
GetServiceStatus
-
-
Application service
GetSessionLog
Run-time Objects
Monitor
Read on repository folder
GetWorkflowLog
Run-time Objects
Monitor
Read on repository folder
Help
-
-
-
ImportDomainObjects (for users, groups, and roles)
Security Administration
Manage Users, Groups, and Roles
-
ImportDomainObjects (for connections)
Domain Administration
Manage Connections
Write on connections
ImportUsersAndGroups
Security Administration
Manage Users, Groups, and Roles
-
ListAlertUsers
-
-
Domain
ListAllGroups
-
-
-
ListAllRoles
-
-
-
ListAllUsers
-
-
-
ListConnectionOptions
-
-
Read on connection
ListConnections
-
-
-
ListConnectionPermissions
-
-
-
ListConnectionPermissions by Group
-
-
-
ListConnectionPermissions by User
-
-
-
ListDomainLinks
-
-
Domain
ListDomainOptions
-
-
Domain
ListFolders
-
-
Folders
ListGridNodes
-
-
-
ListGroupsForUser
-
-
Domain
ListGroupPermissions
-
-
-
ListGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
ListLDAPConnectivity
Security Administration
Manage Users, Groups, and Roles
-
ListLicenses
-
-
License objects
listMonitoringOptions Monitoring Monitoring Configuration Domain
ListNodeOptions
-
-
Node
ListNodes
-
-
-
ListNodeResources
-
-
Node
ListPlugins
-
-
-
ListRepositoryLDAPConfiguration
-
-
Domain
ListRolePrivileges
-
-
-
ListSecurityDomains
Security Administration
Manage Users, Groups, and Roles
-
ListServiceLevels
-
-
Domain
ListServiceNodes
-
-
Application service
ListServicePrivileges
-
-
-
ListServices
-
-
-
ListSMTPOptions
-
-
Domain
ListUserPermissions
-
-
-
ListUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
MoveFolder
Domain Administration
Manage Domain Folders
Original and destination folders
MoveObject (for application services or license objects)
Domain Administration
Manage Services
Original and destination folders
MoveObject (for nodes or grids)
Domain Administration
Manage Nodes and Grids
Original and destination folders
Ping
-
-
-
PurgeLog
-
-
-
purgeMonitoringData Monitoring Monitoring Configuration Domain
RemoveAlertUser (for your user account)
-
-
-
RemoveAlertUser (for other users)
Security Administration
Manage Users, Groups, and Roles
-
RemoveConnection
-
-
Write on connection
RemoveConnectionPermissions
-
-
Grant on connection
RemoveDomainLink
-
-
-
RemoveFolder
Domain Administration
Manage Domain Folders
Domain or parent folder and folder being removed
RemoveGrid
Domain Administration
Manage Nodes and Grids
Domain or parent folder and grid
RemoveGroup
Security Administration
Manage Users, Groups, and Roles
-
RemoveGroupPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
RemoveLicense
Domain Administration
Manage Services
Domain or parent folder and license object
RemoveNode
Domain Administration
Manage Nodes and Grids
Domain or parent folder and node
RemoveNodeResource
Domain Administration
Manage Nodes and Grids
Node
RemoveOSProfile
-
-
-
RemoveRole
Security Administration
Manage Users, Groups, and Roles
-
RemoveRolePrivilege
Security Administration
Manage Users, Groups, and Roles
-
RemoveService
Domain Administration
Manage Services
Domain or parent folder and application service
RemoveServiceLevel
-
-
-
RemoveUser
Security Administration
Manage Users, Groups, and Roles
-
RemoveUserFromGroup
Security Administration
Manage Users, Groups, and Roles
-
RemoveUserPrivilege
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
RenameConnection
-
-
Write on connection
ResetPassword (for your user account)
-
-
-
ResetPassword (for other users)
Security Administration
Manage Users, Groups, and Roles
-
RunCPUProfile
Domain Administration
Manage Nodes and Grids
Node
SetConnectionPermission
-
-
Grant on connection
SetLDAPConnectivity
Security Administration
Manage Users, Groups, and Roles
-
SetRepositoryLDAPConfiguration
-
-
Domain
ShowLicense
-
-
License object
ShutdownNode
Domain Administration
Manage Nodes and Grids
Node
SwitchToGatewayNode
-
-
-
SwitchToWorkerNode
-
-
-
UnAssignISMMService
Domain Administration
Manage Services
PowerCenter Integration Service and Metadata Manager Service
UnassignLicense
Domain Administration
Manage Services
License object and application service
UnAssignRoleFromGroup
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
UnAssignRoleFromUser
Security Administration
Grant Privileges and Roles
Domain, Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
UnassignRSWSHubService
Domain Administration
Manage Services
PowerCenter Repository Service and Web Services Hub
UnassociateDomainNode
Domain Administration
Manage Nodes and Grids
Node
UpdateConnection
-
-
Write on connection
UpdateDomainOptions
-
-
-
UpdateFolder
Domain Administration
Manage Domain Folders
Folder
UpdateGatewayInfo
-
-
-
UpdateGrid
Domain Administration
Manage Nodes and Grids
Grid and nodes
UpdateIntegrationService
Domain Administration
Manage Services
PowerCenter Integration Service
UpdateLicense
Domain Administration
Manage Services
License object
UpdateMMService
Domain Administration
Manage Services
Metadata Manager Service
updateMonitoringOptions Monitoring Monitoring Configuration Domain
UpdateNodeOptions
Domain Administration
Manage Nodes and Grids
Node
UpdateNodeRole Domain Administration Manage Nodes and Grids Node
UpdateOSProfile
Security Administration
Manage Users, Groups, and Roles
Operating system profile
UpdateRepositoryService
Domain Administration
Manage Services
PowerCenter Repository Service
UpdateSAPBWService
Domain Administration
Manage Services
SAP BW Service
UpdateServiceLevel
-
-
-
UpdateServiceProcess
Domain Administration
Manage Services
PowerCenter Integration Service
Each node added to the PowerCenter Integration Service
UpdateSMTPOptions
-
-
-
UpdateWSHubService
Domain Administration
Manage Services
Web Services Hub


Updated October 10, 2019


Explore Informatica Network