Table of Contents

Search

  1. Preface
  2. Introducing Administrator
  3. Organizations
  4. Licenses
  5. Ecosystem single sign-on
  6. SAML single sign-on
  7. Metering
  8. Source control and service upgrade settings
  9. Users and user groups
  10. User roles
  11. Permissions
  12. Runtime environments
  13. Serverless runtime environments
  14. Secure Agent services
  15. Secure Agent installation
  16. Schedules
  17. Bundle management
  18. Event monitoring
  19. File transfer
  20. Troubleshooting

Administrator

Administrator

User configuration examples

User configuration examples

The following examples illustrate ways in which you can configure users and user groups to control access to
Informatica Intelligent Cloud Services
according to your business needs.
For information about user roles, see User roles.
You want your development team to create tasks and taskflows in
Data Integration
. The development team needs to view sample data in development, but you want to restrict access to production data.
  1. Create a Developer role for the development team. Configure the role with all privileges for tasks and related assets, but only the Read privilege for connections.
  2. Create a Development Team user group and add all members of the development team to the group.
  3. Assign the Developer role to the Development Team group.
  4. If possible, create development connections to sample data. If you have both development and production connections, configure the production connections so that the Development Team group does not have read permission for these connections. This prevents users in the Development Team group from using production connections in tasks.
  5. After testing is complete and tasks are ready to move into production, have an administrator or other qualified user configure the tasks to use production connections.
  6. Edit the Developer role and remove the privilege to run tasks. If development is complete for a task type, you can also remove the privileges to read and update the tasks. By removing the read privilege, you prevent users with the Developer role from accessing information about production tasks.
You have a reporting team that needs to run tasks in
Data Integration
, but does not have the technical knowledge to configure tasks safely.
  1. Create a Reporter role for the reporting team. Configure the role with privileges to read and run tasks and taskflows, and privileges to read, create, and update schedules. Do not enable privileges to create, update, delete or set permissions on assets in the organization.
  2. Create a Reporting Team user group and add all members of the reporting team to the group.
  3. Assign the Reporter role to the Reporting Team group.
You want a security administrator who can assign roles and user groups and configure access control, but cannot create, edit, or run tasks.
  1. Create a custom role called Security Administrator.
  2. Edit the Security Administrator role and grant all privileges except the privileges to create, update, delete, and run tasks, connections, and schedules.
  3. Assign the Security Administrator role to the security administrator.
You want to easily keep track of your organization administrators.
Create a user group called "Organization Administrators" and assign the Admin role to the group. Add all of your organization administrators to the group.
Your organization uses an OrderProcessing API to manage orders to a large supplier. This API consists of processes in
Application Integration
that include CreateOrder, ApproveOrder, and GetOrder. As an Admin, you want to restrict access to the ApproveOrder process to a few people.
  1. Create a custom role called Approver. Configure the Run privilege for Application Integration Assets for the Approver role.
  2. Create a user group called Order Approvers.
  3. Assign the Approver role to the Order Approvers group.
  4. Assign the Service Consumer role to the Order Approvers group. You must do this as the Service Consumer role can access and invoke processes.
  5. Assign the users who need to be able to invoke ApproveOrder to the Order Approvers group.
  6. In the Allowed Roles field of the ApproveOrder process, enter Approver.
Only members of the Order Approvers group will be able to invoke the ApproveOrder process.
You want an
Application Integration
developer to be able to perform all functions in the
Application Integration Console
except for viewing detailed process logs.
  1. Create a role called Custom_Dev and configure the role with the following privileges:
    1. Select the
      Application Integration
      service, go to the
      Assets
      tab, and enable all CRUD privileges for
      Application Integration Assets
      .
    2. Go to the
      Features
      tab and add the Development, Console Administration, Publish Application Integration Assets, View Application Integration Console, and View Application Integration Designer privileges to the role.
    3. Select the
      Data Integration
      service, go to the
      Assets
      tab, and enable all CRUD privileges for the
      Project
      and
      Folder
      assets.
  2. Assign the Custom_Dev role to the developer.


Updated November 30, 2020