You determine the actions that users can perform by assigning the following items to users and groups:
Privileges. A privilege determines the actions that users can perform in application clients.
Roles. A role is a collection of privileges. When you assign a role to a user or group, you assign the collection of privileges belonging to the role.
Use the following rules and guidelines when you assign privileges and roles to users and groups:
You assign privileges and roles to users and groups for the domain and for each application service that is running in the domain.
You cannot assign privileges and roles to users and groups for a Metadata Manager Service or PowerCenter Repository Service in the following situations:
The application service is disabled.
The PowerCenter Repository Service is running in exclusive mode.
You can assign different privileges and roles to a user or group for each application service of the same service type.
A role can include privileges for the domain and multiple application service types. When you assign the role to a user or group for one application service, privileges for that application service type are assigned to the user or group.
If you change the privileges or roles assigned to a user, the changed privileges or roles take effect the next time that the user logs in.
You cannot edit the privileges or roles assigned to the default Administrator user account.