Table of Contents

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Troubleshooting Privileges and Roles

Troubleshooting Privileges and Roles

I cannot assign privileges or roles to users for an existing Metadata Manager Service or PowerCenter Repository Service.
You cannot assign privileges and roles to users and groups for an existing Metadata Manager Service or PowerCenter Repository Service in the following situations:
  • The application service is disabled.
  • The PowerCenter Repository Service is running in exclusive mode.
I removed a privilege from a group. Why do some users in the group still have that privilege?
You can use any of the following methods to assign privileges to a user:
  • Assign a privilege directly to a user.
  • Assign a role to a user.
  • Assign a privilege or role to a group that the user belongs to.
If you remove a privilege from a group, users that belong to that group can be directly assigned the privilege or can inherit the privilege from an assigned role.
I am assigned all domain privileges and permission on all domain objects, but I cannot complete all tasks in the Administrator tool.
Some of the Administrator tool tasks are determined by the Administrator role, not by privileges or permissions. You can be assigned all privileges for the domain and granted full permissions on all domain objects. However, you cannot complete the tasks determined by the Administrator role.
I am assigned the Administrator role for an application service, but I cannot configure the application service in the Administrator tool.
When you have the Administrator role for an application service, you are an application client administrator. An application client administrator has full permissions and privileges in an application client.
However, an application client administrator does not have permissions or privileges on the Informatica domain. An application client administrator cannot log in to the Administrator tool to manage the service for the application client for which it has administrator privileges.
To manage an application service in the Administrator tool, you must have the appropriate domain privileges and permissions.
I am assigned the Administrator role for the PowerCenter Repository Service, but I cannot use the Repository Manager to perform an advanced purge of objects or to create reusable metadata extensions.
You must have the Manage Services domain privilege and permission on the PowerCenter Repository Service in the Administrator tool to perform the following actions in the Repository Manager:
  • Perform an advanced purge of object versions at the PowerCenter repository level.
  • Create, edit, and delete reusable metadata extensions.
My privileges indicate that I should be able to edit objects in an application client, but I cannot edit any metadata.
You might not have the required object permissions in the application client. Even if you have the privilege to perform certain actions, you may also require permission to perform the action on a particular object.
I cannot use pmrep to connect to a new PowerCenter Repository Service running in exclusive mode.
The Service Manager might not have synchronized the list of users and groups in the PowerCenter repository with the list in the domain configuration database. To synchronize the list of users and groups, restart the PowerCenter Repository Service.
I am assigned all privileges in the Folders privilege group for the PowerCenter Repository Service and have read, write, and execute permission on a folder. However, I cannot configure the permissions for the folder.
Only the folder owner or a user assigned the Administrator role for the PowerCenter Repository Service can complete the following folder management tasks:
  • Assign operating system profiles to folders if the PowerCenter Integration Service uses operating system profiles. Requires permission on the operating system profile.
  • Change the folder owner.
  • Configure folder permissions.
  • Delete the folder.
  • Designate the folder to be shared.
  • Edit the folder name and description.
I am assigned the Administrator role for the Metadata Manager Service, but I cannot create or restore the Metadata Manager repository.
To create or restore the Metadata Manager repository, you must be in the default Administrator group. Users in the default Administrator group have more privileges than users that are assigned the Administrator role for an application service.
I am assigned the Load Resources privilege for the Metadata Manager Service, but I get an "insufficient privileges" error when I try to load Business Glossary resources.
To load Business Glossary resources, the Load Resource, Manage Resource, and View Model privileges are required. You also need write permission on any business glossary resource that you want to load.

Updated May 17, 2019


Explore Informatica Network