Security Guide

Secure Directory on UNIX

When you install Informatica, the installer creates a directory to store Informatica files that require restricted access, such as the domain encryption key file. On UNIX, the installer assigns different permissions for the directory and the files in the directory.
By default, the installer creates the following directory within the Informatica installation directory to store the encryption key: <INFA_HOME>/isp/config/keys
The /keys directory contains the encryption key file for the node. If you configure the domain to use Kerberos authentication, the directory also contains the Kerberos keytab files.
During installation, you can specify a different directory in which to store the encryption key file. The installer assigns the same permissions to the specified directory as to the default directory.
The /keys directory and the files in the directory have the following permissions:
Directory Permissions
The owner of the directory has -wx permissions to the directory but no r permission. The owner of the directory is the user account used to run the installer. The group to which the owner belongs also has -wx permissions to the directory but no r permission.
For example, the user account ediqa owns the directory and belongs to the infaadmin group. The ediqa user account and the infaadmin group have the following permissions: -wx-wx---
The ediqa user account and the infaadmin group can write to and run files in the directory. They cannot display the list of files in the directory, but they can list a specific file by name.
If you know the name of a file in the directory, you can copy the file from the directory to another location. If you do not know the name of the file, you must change the permission for the directory to include the read permission before you can copy the file. You can use the command chmod 730 to give read permission to the owner of the directory and subdirectories.
For example, you need to copy the encryption key file named siteKey to a temporary directory to make it accessible to another node in the domain. Run the command chmod 730 on the <Informatica installation directory>/isp/config directory to assign the following permissions: rwx-wx---. You can then copy the encryption key file from the /keys subdirectory to another directory.
After you finish copying the files, change the permissions for the directory back to write and execute permissions. You can use the command chmod 330 to remove the read permission.
Do not use the -R option to recursively change the permissions for the directory and files. The directory and the files in the directory have different permissions.
File Permissions
The owner of the files in the directory has rwx permissions to the files. The owner of the files in the directory is the user account used to run the installer. The group to which the owner belongs also has rwx permissions to the files in the directory.
The owner and group have full access to the file and can display or edit the file in the directory.
You must know the name of the file to be able to list or edit the file.
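
The following check is an added example, not part of the Informatica documentation or tooling. It audits a keys directory by file name against the modes described above and flags a read bit left on after a copy or the effect of a recursive chmod. The function names are hypothetical, and the file mode 770 assumes no access for others, which the text does not state.

```shell
#!/bin/sh
# Added example, not Informatica tooling. Directory mode 330 (-wx-wx---) is
# from the text above; file mode 770 assumes rwx for owner and group and no
# access for others (assumption: the page does not state the "other" bits).

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_keys_dir DIR FILE...
# Files are checked by name, so the audit works with only search (x)
# permission on DIR and never needs the directory read bit.
# Prints one finding per line; returns non-zero if there is any finding.
audit_keys_dir() (
    dir=$1; shift
    findings=0
    dmode=$(mode_of "$dir")
    case $dmode in
        330) ;;
        730) echo "DIR  $dir: mode 730, owner read bit still set; run chmod 330"
             findings=1 ;;
        *)   echo "DIR  $dir: mode $dmode, expected 330"
             findings=1 ;;
    esac
    for name in "$@"; do
        path=$dir/$name
        if [ ! -e "$path" ]; then
            echo "FILE $path: not found"
            findings=1
            continue
        fi
        fmode=$(mode_of "$path")
        if [ "$fmode" = "$dmode" ] && [ "$fmode" != 770 ]; then
            echo "FILE $path: mode $fmode equals directory mode (recursive chmod?)"
            findings=1
        elif [ "$fmode" != 770 ]; then
            echo "FILE $path: mode $fmode, expected 770"
            findings=1
        fi
    done
    [ "$findings" -eq 0 ]
)

# Usage (siteKey is the key file name used in the example above):
#   audit_keys_dir "$INFA_HOME/isp/config/keys" siteKey
```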

Updated July 24, 2019

