User configuration examples

The following examples illustrate ways in which you can configure users, user groups, and roles to control access to Informatica Intelligent Cloud Services according to your business needs.

You want your development team to create tasks and taskflows in Data Integration. The development team needs to view sample data in development, but you want to restrict access to production data.
  1. Create a Developer role for the development team. Configure the role with all privileges for tasks and related assets, but only the Read privilege for connections.
  2. Create a Development Team user group and add all members of the development team to the group.
  3. Assign the Developer role to the Development Team group.
  4. If possible, create development connections to sample data. If you have both development and production connections, configure the production connections so that the Development Team group does not have read permission for these connections. This prevents users in the Development Team group from using production connections in tasks.
  5. After testing is complete and tasks are ready to move into production, have an administrator or other qualified user configure the tasks to use production connections.
  6. Edit the Developer role and remove the privilege to run tasks. If development is complete for a task type, you can also remove the privileges to read and update the tasks. By removing the read privilege, you prevent users with the Developer role from accessing information about production tasks.

You have a reporting team that needs to run tasks in Data Integration, but does not have the technical knowledge to configure tasks safely.
  1. Create a Reporter role for the reporting team. Configure the role with privileges to read and run tasks and taskflows, and privileges to read, create, and update schedules. Do not enable privileges to create, update, delete or set permissions on assets in the organization.
  2. Create a Reporting Team user group and add all members of the reporting team to the group.
  3. Assign the Reporter role to the Reporting Team group.

You want a security administrator who can assign roles and user groups and configure access control, but cannot create, edit, or run tasks.
  1. Create a custom role called Security Administrator.
  2. Edit the Security Administrator role and grant all privileges except the privileges to create, update, delete, and run tasks, connections, and schedules.
  3. Assign the Security Administrator role to the security administrator.
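
The Developer, Reporter, and Security Administrator definitions above can be checked mechanically once roles are written down as data. The following Python sketch is an added example, not Informatica code or an Informatica export format: it audits a constructed role-to-privilege mapping against those three scenarios, and assumes the Reporter role holds nothing beyond the privileges the text lists.

```python
# Added example: audit role definitions against the three scenarios above.
# The dict layout and lowercase privilege names are constructed for this
# sketch; they are not an Informatica API or export format.

CRUD_RUN = {"create", "update", "delete", "run"}

RULES = {
    # Developer: only Read on connections; other asset types unrestricted.
    "Developer": {"allow": {"connection": {"read"}}},
    # Reporter: assumed to hold nothing beyond the privileges the text lists.
    "Reporter": {
        "allow": {"task": {"read", "run"}, "taskflow": {"read", "run"},
                  "schedule": {"read", "create", "update"}},
        "closed": True,
    },
    # Security Administrator: everything except these on three asset types.
    "Security Administrator": {
        "deny": {a: CRUD_RUN for a in ("task", "connection", "schedule")},
    },
}

def audit(roles):
    """Return sorted (role, asset, privilege) tuples that break a rule."""
    findings = []
    for name, granted in roles.items():
        rule = RULES.get(name)
        if rule is None:
            continue  # no scenario covers this role
        for asset, privs in granted.items():
            allowed = rule.get("allow", {}).get(asset)
            if allowed is None and rule.get("closed"):
                allowed = set()  # closed role: unlisted asset types get nothing
            denied = rule.get("deny", {}).get(asset, set())
            for priv in privs:
                if priv in denied or (allowed is not None and priv not in allowed):
                    findings.append((name, asset, priv))
    return sorted(findings)

# Constructed sample: each role carries one privilege it should not have.
SAMPLE_ROLES = {
    "Developer": {"task": CRUD_RUN | {"read"}, "connection": {"read", "update"}},
    "Reporter": {"task": {"read", "run"}, "taskflow": {"read", "run"},
                 "schedule": {"read", "create", "update", "delete"}},
    "Security Administrator": {"user": CRUD_RUN | {"read"}, "task": {"read"},
                               "connection": {"read", "run"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLES):
        print("excess privilege: %s / %s / %s" % finding)
```
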

You want to easily keep track of your organization administrators.
Create a user group called "Organization Administrators" and assign the Admin role to the group. Add all of your organization administrators to the group.

Your organization uses an OrderProcessing API to manage orders to a large supplier. This API consists of processes in Application Integration that include CreateOrder, ApproveOrder, and GetOrder. As an Admin, you want to restrict access to the ApproveOrder process to a few people.
  1. Create a custom role called Approver. Configure the Run privilege for Application Integration Assets for the Approver role.
  2. Create a user group called Order Approvers.
  3. Assign the Approver role to the Order Approvers group.
  4. Assign the Service Consumer role to the Order Approvers group. You must do this because the Service Consumer role can access and invoke processes.
  5. Assign the users who need to be able to invoke the ApproveOrder process to the Order Approvers group.
  6. In the ApproveOrder process, you must configure one of the following fields:
    • To assign access to a group of users, enter the Order Approvers group in the Allowed Groups field.
    • To assign access to a specific user, enter the user in the Allowed Users field. You can enter more than one user in the field.
Only members of the Order Approvers group or the users specified in the Allowed Users field will be able to invoke the ApproveOrder process.

You want an Application Integration developer to be able to perform all functions in the Application Integration Console except for viewing detailed process logs.
  1. Create a role called Custom_Dev and configure the role with the following privileges:
    1. Select the Application Integration service, go to the Assets tab, and enable all CRUD privileges for Application Integration Assets.
    2. Go to the Features tab and add the Development, Console Administration, Publish Application Integration Assets, View Application Integration Console, and View Application Integration Designer privileges to the role.
    3. Select the Data Integration service, go to the Assets tab, and enable all CRUD privileges for the Project and Folder assets.
  2. Assign the Custom_Dev role to the developer.
