Network
Data Engineering
Data Engineering Integration
Enterprise Data Catalog
Enterprise Data Preparation
Cloud Integration
Cloud Application Integration
Cloud Data Integration
Cloud Customer 360
DiscoveryIQ
Cloud Data Wizard
Informatica for AWS
Informatica for Microsoft
Cloud Integration Hub
Complex Event Processing
Proactive Healthcare Decision Management
Proactive Monitoring
Real-Time Alert Manager
Rule Point
Data Integration
B2B Data Exchange
B2B Data Transformation
Data Integration Hub
Data Replication
Data Services
Data Validation Option
Fast Clone
Informatica Platform
Metadata Manager
PowerCenter
PowerCenter Express
PowerExchange
PowerExchange Adapters
Data Quality
Axon Data Governance
Data as a Service
Data Explorer
Data Quality
Data Security Group (Formerly ILM)
Data Archive
Data Centric Security
Secure@Source
Secure Testing
Master Data Management
Identity Resolution
MDM - Relate 360
Multidomain MDM
MDM Registry Edition
Process Automation
ActiveVOS
Process Automation
Product Information Management
Informatica Procurement
MDM - Product 360
Ultra Messaging
Ultra Messaging Options
Ultra Messaging Persistence Edition
Ultra Messaging Queuing Edition
Ultra Messaging Streaming Edition
Edge Data Streaming
Knowledge Base
Resources
PAM (Product Availability Matrices)
Support TV
Velocity (Best Practices)
Mapping Templates
Debugging Tools
User Groups
Documentation
English
English
English
Español
Spanish
Deutsch
German
Français
French
日本語
Japanese
한국어
Korean
Português
Portuguese
中文
Chinese
Log Out
PowerCenter
10.2
10.5.2
10.5.1
10.5
10.4.1
10.4.0
10.2 HotFix 2
10.2 HotFix 1
10.2
H2L
Security Guide
PowerCenter 10.2
PowerCenter 10.2
All Products
Rename Saved Search
Name
* This field is required
Overwrite saved search
Confirm Deletion
Are you sure you want to delete the saved search?
Table of Contents
Search
No Results
About the Security Guide
Introduction to Informatica Security
Overview of Informatica Security
Infrastructure Security
Authentication
Secure Domain Communication
Secure Data Storage
Operational Security
Domain Configuration Repository
Security Domain
User Authentication
User Authentication Overview
Native User Authentication
LDAP User Authentication
Kerberos Authentication
SAML Authentication for Informatica Web Applications
LDAP Security Domains
LDAP Security Domains Overview
Setting Up an LDAP Security Domain
Step 1. Set Up the Connection to the LDAP Server
Step 2. Configure a Security Domain
Step 3. Schedule the Synchronization Times
Using Nested Groups in the LDAP Directory Service
Using a Self-Signed SSL Certificate
Deleting an LDAP Security Domain
Kerberos Authentication
Kerberos Overview
How Kerberos Works in an Informatica Domain
Preparing to Enable Kerberos Authentication
Step 1. Determine the Kerberos Service Principal Level
Step 2. Configure the Kerberos Configuration File
Step 3. Create Kerberos Principal Accounts in Active Directory
Accounts Required at Node Level
Accounts Required at Process Level
Step 4. Generate the Service Principal Name and Keytab File Name Formats
Generate the Service Principal Name and Keytab File Name Formats at Node Level
Generate the Service Principal Name and Keytab File Name Formats at Process Level
Review the Service Principal Name and Keytab File Name Format Text File
Step 5. Generate the Keytab Files
Generate the Keytab Files at Node Level
Generate the Keytab Files at Process Level
Verify the Service Principal Names and Keytab Files
Step 6. Enable Delegation for the Kerberos Principal User Accounts in Active Directory
Enabling Kerberos Authentication in a Domain
Step 1. Enable Kerberos Authentication in the Domain
Step 2. Update the Nodes in the Domain
Enabling Kerberos on Informatica Nodes and Client Hosts
Step 1. Copy the Keytab Files to the Informatica Nodes
Step 2. Enable Kerberos Authentication for Informatica Clients
Enabling User Accounts to Use Kerberos Authentication
Step 1. Import User Accounts from Active Directory into an LDAP Security Domain
Step 2. Migrate Native User Privileges and Permissions to the Kerberos Security Domain
Domain Security
Domain Security Overview
Secure Communication Within the Domain
Secure Communication for Services and the Service Manager
Requirements for Secure Communication within the Domain
Enabling Secure Communication for the Domain from the Command Line
Enabling Secure Communication for the Domain in the Administrator Tool
Configuring the Informatica Client Applications to Work with a Secure Domain
Secure Domain Configuration Repository Database
Configuring a Secure Domain Configuration Repository Database
Secure PowerCenter Repository Database
Secure Model Repository Database
Secure Communication for Workflows and Sessions
Enabling Secure Communication for PowerCenter DTM Processes
Secure Connections to a Web Application Service
Requirements for Secure Connections to Web Application Services
Enabling Secure Connections to the Administrator Tool
Informatica Web Application Services
Security for the Analyst Tool
Security for the Web Services Hub Console
Security for Metadata Manager
Cipher Suites for the Informatica Domain
Configure the Informatica Domain to Use Advanced Ciphers
Create the Cipher Suite Lists
Configure the Informatica Domain with a New Effective List of Cipher Suites
Secure Sources and Targets
Data Integration Service Sources and Targets
PowerCenter Sources and Targets
Secure Data Storage
Secure Directory on UNIX
Changing the Encryption Key from the Command Line
Application Services and Ports
SAML Authentication for Informatica Web Applications
SAML Authentication Overview
SAML Authentication Process
SAML Authentication Setup
Before You Enable SAML Authentication
Step 1. Create a Security Domain for Web Application User Accounts
Step 2. Export the Certificate from AD FS
Step 3. Import the Certificate into the Truststore Used for SAML Authentication
Step 4. Configure Active Directory Federation Services
Step 5. Add Informatica Web Application URLs to AD FS
Step 6. Enable SAML Authentication in the Domain
infasetup updateDomainSamlConfig Command Options
infasetup DefineDomain Command Options
Getting the Identity Provider URL
Step 7: Enable SAML Authentication on the Gateway Nodes
Gateway Node Command Options
Security Management in Informatica Administrator
Using Informatica Administrator Overview
User Security
Encryption
Authentication
Single Sign-On
Authorization
Security Tab
Using the Search Section
Using the Security Navigator
Groups
Users
Roles
Password Management
Changing Your Password
Domain Security Management
User Security Management
Users and Groups
Users and Groups OverviewUsers and Groups
Default Groups
Administrator Group
Everyone Group
Operator Group
Understanding User Accounts
Default Administrator
Domain Administrator
Application Client Administrator
User
Managing Users
Creating Native UsersCreating UsersCreating Users
Editing General Properties of Native Users
Assigning Native Users to Native Groups
Assigning LDAP Users to Native Groups
Enabling and Disabling User Accounts
Deleting Native Users
Deleting Users of PowerCenter
Deleting Users of Metadata Manager
LDAP Users
Unlocking a User Account
Increasing System Memory for Many Users
Viewing User Activity
User Activity Codes
User Activity Log Filters
Writing and Viewing User Activity Log Events
Managing Groups
Adding a Native Group
Editing Properties of a Native Group
Moving a Native Group to Another Native Group
Deleting a Native Group
LDAP Groups
Managing Operating System Profiles
Operating System Profile Properties for the PowerCenter Integration Service
Operating System Profile Properties for the Data Integration Service
Creating an Operating System Profile
Editing an Operating System Profile
Assigning a Default Operating System Profile to a User or Group
Deleting an Operating System Profile
Working with Operating System Profiles in a Secure Domain
Working with Operating System Profiles in a Domain with Kerberos Authentication
Account Lockout
Configuring Account Lockout
Rules and Guidelines for Account Lockout
Privileges and Roles
Privileges and Roles Overview
Privileges
Privilege Groups
Roles
Domain Privileges
Security Administration Privilege Group
Grant Privileges and Roles Privilege
Manage Users, Groups, and Roles Privilege
Domain Administration Privilege Group
Manage Service Execution Privilege
Manage Services Privilege
Manage Nodes and Grids Privilege
Manage Domain Folders Privilege
Manage Connections Privilege
Monitoring Privilege Group
Tools Privilege Group
Cloud Administration Privilege Group
Analyst Service Privileges
Content Management Service Privileges
Data Integration Service Privileges
Metadata Manager Service Privileges
Catalog Privilege Group
Load Privilege Group
Model Privilege Group
Security Privilege Group
Model Repository Service Privileges
PowerCenter Repository Service Privileges
Tools Privilege Group
Folders Privilege Group
Create Folders Privilege
Copy Folders Privilege
Manage Folder Versions
Design Objects Privilege Group
Create, Edit, and Delete Design Objects Privilege
Manage Design Object Versions
Sources and Targets Privilege Group
Create, Edit, and Delete Sources and Targets Privilege
Manage Source and Target Versions Privilege
Run-time Objects Privilege Group
Create, Edit, and Delete Run-time Objects Privilege
Manage Run-time Object Versions Privilege
Monitor Run-time Objects Privilege
Execute Run-time Objects Privilege
Manage Run-time Object Execution Privilege
Global Objects Privilege Group
Create Connections Privilege
Manage Deployment Groups Privilege
Execute Deployment Groups Privilege
Create Labels Privilege
Create Queries Privilege
PowerExchange Listener Service Privileges
PowerExchange Logger Service Privileges
Scheduler Service Privileges
Test Data Manager Service Privileges
Administration Privilege Group
Connections Privilege Group
Data Domains Privilege Group
Data Masking Privilege Group
Data Subset Privilege Group
Policies Privilege Group
Projects Privilege Group
Rules Privilege Group
Data Generation Privilege Group
Managing Roles
System-Defined Roles
Administrator Role
Custom Roles
Creating Custom Roles
Editing Properties for Custom Roles
Editing Privileges Assigned to Custom Roles
Deleting Custom Roles
Assigning Privileges and Roles to Users and Groups
Inherited Privileges
Assigning Privileges and Roles to a User or Group by Navigation
Viewing Users with Privileges for a Service
Troubleshooting Privileges and Roles
Permissions
Permissions Overview
Types of Permissions
Permission Search Filters
Domain Object Permissions
Permissions by Domain Object
Assigning Permissions on a Domain Object
Viewing Permission Details on a Domain Object
Editing Permissions on a Domain Object
Permissions by User or Group
Viewing Permission Details for a User or Group
Assigning and Editing Permissions for a User or Group
Operating System Profile Permissions
Assigning Permissions on an Operating System Profile
Viewing Permission Details on an Operating System Profile
Editing Permissions on an Operating System Profile
Connection Permissions
Types of Connection Permissions
Default Connection Permissions
Assigning Permissions on a Connection
Viewing Permission Details on a Connection
Editing Permissions on a Connection
Cluster Configuration Permissions
Application and Application Object Permissions
Types of Application and Application Object Permissions
Assigning Permissions on an Application or Application Object
Viewing Permission Details on an Application or Application Object
Editing Permissions on an Application or Application Object
Denying Permissions on an Application or Application Object
SQL Data Service Permissions
Types of SQL Data Service Permissions
Assigning Permissions on an SQL Data Service
Viewing Permission Details on an SQL Data Service
Editing Permissions on an SQL Data Service
Denying Permissions on an SQL Data Service
Column Level Security
Restricted Columns
Adding Column Level Security
Web Service Permissions
Types of Web Service Permissions
Assigning Permissions on a Web Service
Viewing Permission Details on a Web Service
Editing Permissions on a Web Service
Audit Reports
Audit Reports Overview
User Personal Information
User Group Association
Privileges
Roles Association
Domain Object Permission
Selecting Users for an Audit Report
Selecting Groups for an Audit Report
Selecting Roles for an Audit Report
Appendix A: Command Line Privileges and Permissions
infacmd as Commands
infacmd cluster Commands
infacmd dis Commands
infacmd es commands
infacmd ipc Commands
infacmd isp Commands
infacmd mrs Commands
infacmd ms Commands
infacmd oie Commands
infacmd ps Commands
infacmd pwx Commands
infacmd rms Commands
infacmd rtm Commands
infacmd sch commands
infacmd sql Commands
infacmd wfs Commands
pmcmd Commands
pmrep Commands
Appendix B: Custom Roles
Analyst Service Custom Role
Metadata Manager Service Custom Roles
Operator Custom Role
PowerCenter Repository Service Custom Roles
Test Data Manager Custom Roles
Appendix C: Default List of Cipher Suites
Security Guide
Security Guide
10.2
10.4.0
10.2 HotFix 2
10.2 HotFix 1
Back
Next
Selecting Groups for an Audit Report
Selecting Groups for an Audit Report
You can run audit reports for multiple groups.
In the Administrator tool, click
Security
Audit Reports
.
From the
Select Report Type
list, select the type of audit report that you want to run.
From the
Generate Report For
list, select
Groups
and click
Go
.
The
Select Groups
dialog box appears. The list of groups are organized by security domain.
From the
Available Groups
list, select the groups for which you want to run the report.
Use the Shift key or Ctrl key to select multiple groups.
Click
Add
.
To run the report for all groups, do not select a group and click
Add All
.
The selected groups move to the
Selected Groups
list.
From the
Report Output Format
list, select the format in which you want to view the report.
By default, the reports displays on the screen.
You can also run an audit report in one of the following formats:
Text. Generates the audit report as a text file with values listed in columns.
CSV. Generates the audit report as a text file with values separated by commas.
PDF. Generates the audit report in .pdf format. You must install Acrobat Reader to view the report.
Click
Generate Report
.
Audit Reports
Updated August 08, 2022
Download Guide
Send Feedback
Resources
Communities
Knowledge Base
Success Portal
Back to Top
Back
Next
