Table of Contents

Search

  1. Preface
  2. Introducing Administrator
  3. Organizations
  4. Licenses
  5. Ecosystem single sign-on
  6. SAML single sign-on
  7. Metering
  8. Source control and service upgrade settings
  9. Users and user groups
  10. User roles
  11. Permissions
  12. Runtime environments
  13. Serverless runtime environments
  14. Secure Agent services
  15. Secure Agent installation
  16. Schedules
  17. Bundle management
  18. Event monitoring
  19. File transfer
  20. Troubleshooting

Administrator

Administrator

Access privileges for cross-service roles

Access privileges for cross-service roles

Assign cross-service roles to users who need access privileges for different services across
Informatica Intelligent Cloud Services
. Each cross-service role provides different access privileges.
Cross-service roles have the following access privileges:
Admin
Users with the Admin role have full access to all licensed services. They can perform all tasks in the organization when assigned both the Admin and Service Consumer roles.
The best practice is to assign the Admin role to one or two trusted users and assign the users to an administrative user group that has full permissions on all asset types. These users can act as alternative organization administrators and can help troubleshoot access control and other organization security issues.
To provide full access to the
API Manager
service, including full privileges for OAuth 2.0 client management, assign the user both the Admin and Service Consumer roles.
Data Integration Data Previewer
Users with the Data Integration Data Previewer role can preview data when they select a source, target, or lookup object for use in a mapping or task in
Data Integration
. They can also view source object data when creating a profile or viewing profile results in Data Profiling.
The Data Integration Data Previewer role is a supplemental role. Assign this role with another role, such as the Designer role, to ensure that users can access
Data Integration
and Data Profiling.
Deployer
Users with the Deployer role can deploy
Application Integration
assets and manage APIs through
API Manager
. Assign this role in a production environment where deployment access is typically restricted.
Users with the Deployer privilege can view assets in
Data Quality
.
To provide full access to the
API Manager
service, including full privileges for OAuth 2.0 client management, assign the user both the Deployer and Service Consumer roles.
The following table lists the services that users with the Deployer role can access and the access privileges associated with each service:
Service
Access Privileges
API Manager
Has full access to this service, including OAuth 2.0 client management privileges, when the Service Consumer role is also assigned.
Application Integration
Can view asset details.
Application Integration Console
Can deploy assets and view settings on the Processes, Logs, Server Configuration, Deployed Assets, and Resources pages. Can upload and deploy Process Developer-generated orchestration artifacts (BPRs).
Data Quality
Can view asset details.
Designer
Users with the Designer role can create assets, tasks, and processes. They can configure connections, schedules, and runtime environments. They can also monitor jobs and
elastic clusters
for the organization.
The following table lists the services that users with the Designer role can access and the access privileges associated with each service:
Service
Access Privileges
Administrator
Can configure connections, runtime environments, schedules, swagger files, and
elastic configurations
. Can install add-on connectors and install and uninstall add-on bundles. Can view upgrade settings for Secure Agent services. Can start and stop file servers, configure proxy servers, and view other file server settings.
Application Integration
Has full access to this service.
Application Integration Console
Can view and edit all settings except for server configuration properties.
B2B Gateway
Has full access to this service.
Data Integration
Has full access to this service.
Data Quality
Has full access to this service.
Data Profiling
Has full access to this service.
Integration Hub
Has full access to this service.
Monitor
Has full access to this service.
Monitor
Users with the Monitor role can monitor
Data Integration
jobs,
Cloud Integration Hub
assets,
Data Quality
assets, and
Application Integration
process instances for the organization.
The following table lists the services that users with the Monitor role can access and the access privileges associated with each service:
Service
Access Privileges
Administrator
Can view schedules and upgrade settings for Secure Agent services. Can start and stop file servers, configure proxy servers, and view other file server settings.
Application Integration
Can view asset details.
Application Integration Console
Can view settings.
B2B Gateway
Can view asset details.
Data Integration
Can view asset details.
Data Quality
Can view asset details.
Data Profiling
Can view asset details.
Integration Hub
Can view asset details.
Monitor
Can view data integration jobs and job details. Cannot view export or import jobs.
Operator
An Operator is responsible for process execution management and Process Server configuration updates. Users with the Operator role can view asset details but cannot modify them. They can manage process instances and modify some operational server parameters.
The following table lists the services that users with the Operator role can access and the access privileges associated with each service:
Service
Access Privileges
Application Integration
Can view asset details.
Application Integration Console
Can view and edit Process Server settings and some Cloud Server settings. For example, a user with the Operator role can create an alert service, but cannot view tenant details.
Data Quality
Can view asset details.
Data Profiling
Can view asset details.
Operational Insights
Can view cloud and domain infrastructure. Can edit domain and infrastructure Secure Agent alert settings. Can edit domain infrastructure, including registering domains.
Service Consumer
Users with the Service Consumer role can run tasks, taskflows, and processes but they cannot create or edit assets. Assign this role to users who need to execute
Data Integration
jobs and
Application Integration
processes through APIs.
To provide full access to the
API Manager
service, assign the user both the Service Consumer and Deployer roles, or assign the user both the Service Consumer and Admin roles.
The following table lists the services that users with the Service Consumer role can access and the access privileges associated with each service:
Service
Access Privileges
Administrator
Can view schedules, swagger files, and upgrade settings for Secure Agent services. Can start and stop file servers, configure proxy servers, and view other file server settings.
API Manager
Has full access to this service when the Deployer or the Admin role is also assigned.
API Portal
Has full access to this service.
Application Integration
Can invoke
Application Integration
processes.
Data Integration
Can view tasks, run tasks, test-run mappings, run taskflows, and download workflow XML.
Data Quality
Can view asset details.


Updated November 30, 2020