Security Guide

Migrate Native User Privileges and Permissions to the Kerberos Security Domain

If the Informatica domain has user accounts in the native security domain, the corresponding Active Directory user accounts in the Kerberos security domain must have the same groups, roles, privileges, and permissions. Migrate the groups, roles, privileges, and permissions of the native users to the corresponding user accounts in the Kerberos LDAP security domain.
  1. Review the list of native user accounts and determine the accounts that you want to migrate to the LDAP security domain for Kerberos authentication.
    To list the user accounts in the Informatica domain, run the following command:
    infacmd isp ListAllUsers
    Each native user account that you want to migrate to the Kerberos security domain must have a corresponding account in the Active Directory service that you use for Kerberos authentication.
  2. Create the user migration file.
    The user migration file is a plain text file that contains the list of native users and the corresponding Kerberos users that require the same groups, roles, privileges, and permissions.
    Use the following format to list entries in the user migration file:
    Native/<source user name>,<LDAP security domain>/<target user name>
    The following example shows a user migration file containing the following list of users to migrate to the COMPANY.COM security domain:
    Native/User1,COMPANY.COM/User1
    Native/User2,COMPANY.COM/User2
    Native/User3,COMPANY.COM/User3
  3. Run the infacmd isp migrateUsers command to migrate account privileges and permissions in the native security domain to the accounts in the Kerberos security domain.
    To migrate the groups, roles, privileges, and permissions for users, run the following command:
    infacmd isp migrateUsers -dn <domain name> -un <administrator user name> -pd <administrator password> -sdn <security domain> -umf <user migration file>
    The following table describes the options for the command:
    | Option | Description |
    | --- | --- |
    | -DomainName, -dn | Name of the Informatica domain. |
    | -UserName, -un | User name to connect to the domain. Specify the user name of the administrator account you specified in the infasetup switchToKerberosMode command. |
    | -Password, -pd | Password for the administrator account. |
    | -SecurityDomain, -sdn | LDAP security domain of the administrator account used to connect to the domain. Specify _infaInternalNamespace. |
    | -UserMigrationFile, -umf | Path and file name of the user migration file. |
    The command skips entries with a duplicate source user name or target user name.
    The following example migrates the groups, roles, privileges, and permissions for users based on the um_s.txt user migration file:
    infacmd isp migrateUsers -dn InfaDomain -un nodeuser01 -pd password -sdn _infaInternalNamespace -umf C:\Infa\um_s.txt
    The command overwrites the connection object permissions assigned to the LDAP user with the connection object permissions for the native user. The command merges the groups, roles, privileges, and domain object permissions for native users and corresponding LDAP users.
    The migrateUsers command creates a detailed log file named infacmd_umt_<date>_<time>.txt in the directory where you run the command.
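
Because migrateUsers skips entries with a duplicate source or target user name and merges privileges into the target account, it helps to check the user migration file before running the command. The following Python check is an added example, not Informatica code; the function name check_migration_file, the exact-match comparison of names, and the sample entries are assumptions made for illustration.

```python
import re
from collections import Counter

# Entry format from the guide: Native/<source user name>,<LDAP security domain>/<target user name>
ENTRY_RE = re.compile(r"^Native/([^,/]+),([^,/]+)/([^,/]+)$")

def check_migration_file(text, expected_domain):
    """Return (entries, problems); problems is a sorted list of (line_no, message)."""
    entries, problems = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            problems.append((line_no, "malformed entry"))
            continue
        source, domain, target = m.groups()
        if domain != expected_domain:
            problems.append((line_no, f"unexpected security domain {domain!r}"))
        entries.append((line_no, source, domain, target))

    # The guide states that migrateUsers skips entries with a duplicate source
    # or target user name. Report every entry involved (assumption: names are
    # compared exactly as written).
    src_counts = Counter(e[1] for e in entries)
    tgt_counts = Counter((e[2], e[3]) for e in entries)
    for line_no, source, domain, target in entries:
        if src_counts[source] > 1:
            problems.append((line_no, f"duplicate source user {source!r}"))
        if tgt_counts[(domain, target)] > 1:
            problems.append((line_no, f"duplicate target user {domain}/{target}"))
    return entries, sorted(problems)

# Constructed sample input, not taken from a real domain.
SAMPLE = """\
Native/User1,COMPANY.COM/User1
Native/User2,COMPANY.COM/User2
Native/User3,COMPANY.COM/User2
Native/User1,COMPANY.COM/User4
Native/User5,OTHER.COM/User5
User6,COMPANY.COM/User6
"""

if __name__ == "__main__":
    _, issues = check_migration_file(SAMPLE, "COMPANY.COM")
    for line_no, message in issues:
        print(f"line {line_no}: {message}")
```

An empty problem list means every line matches the documented format, targets the expected security domain, and maps one native user to one distinct Kerberos user.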
