PowerCenter
10.4.0
Security Guide
Custom Roles
A custom role is a role that you can edit or delete.
By default, the Administrator tool includes the following custom roles:
Analyst Service custom role
Metadata Manager Service custom roles
Operator custom role
PowerCenter Repository Service custom roles
Test Data Manager Service custom roles
You can edit the privileges for these roles, or delete the roles. You can also create your own custom roles.
Updated June 26, 2020