The Service Manager authorizes user requests for domain objects. Requests can come from the Administrator tool. The following application services authorize user requests for other objects:
Data Integration Service
Metadata Manager Service
Model Repository Service
PowerCenter Repository Service
When you create native users and groups or import LDAP users and groups, the Service Manager stores the information in the domain configuration database into the following repositories:
Model repository
PowerCenter repository
PowerCenter repository for Metadata Manager
The Service Manager synchronizes the user and group information between the repositories and the domain configuration database when the following events occur:
You restart the Metadata Manager Service, Model Repository Service, or PowerCenter Repository Service.
You add or remove native users or groups.
The Service Manager synchronizes the list of LDAP users and groups in the domain configuration database with the list of users and groups in the LDAP directory service.
When you assign permissions to users and groups in an application client, the application service stores the permission assignments with the user and group information in the appropriate repository.
When you request an object in an application client, the appropriate application service authorizes your request. For example, if you try to edit a project in Informatica Developer, the Model Repository Service authorizes your request based on your privilege, role, and permission assignments.