Configuring Access Control

Access control settings work in conjunction with roles to define the permissions for a user. Roles define the permissions for categories of entities, such as all dataflows or all database resources, and access control settings define the permissions for specific entities, such as specific jobs or specific database connections.

In order to configure access controls you must have View and Modify permissions to these secured entity types:
  • Security - Access Control
  • Security - Roles
  • Security - Users

To configure access control:

  1. In Management Console, go to System > Security.
  2. Click the Access Control tab.
  3. Click the Add button.
  4. Do one of the following:
    • If you want to specify access controls for a role, click Role. The access control permissions you specify will affect all users who have the role you choose.
    • If you want to specify access controls for a single user, click User. The access control permissions you specify will only affect the user you choose.
  5. Select the role or user for which you want to define access controls.
  6. Click the Add button.
  7. Select the secured entity type that contains the secured entity you want. For example, if you want to configure access control for a dataflow, choose Platform.Dataflows.
  8. Choose the secured entity you want to configure access controls for, then click the >> button to add it to the Selected Entities list.
  9. Click Add.

    The secured entities you chose are displayed. The check boxes indicate the permissions in effect for the selected role or user.

  10. Specify the permissions that you want to grant for each secured entity. Each secured entity can have one of the following permissions:
    The permission is inherited from the role.
    The permission is inherited from the role and cannot be overridden.
    The permission is granted, overriding the permission specified in the user or role.
    The permission is denied, overriding the permission specified in the user or role.

Access Control Example

The following shows access control settings for the role RetentionDepartmentDesigner.



In this example, the Platform.Dataflow secured entity type is set to allow the View and Modify permissions but not the Delete permission. So by default, any user that has the RetentionDepartmentDesigner role would have these permissions for all dataflows. However, you want to prevent users with this role from modifying the ExampleJob1 dataflow only. So, you clear the checkbox in the Modify column for ExampleJob1. Now users with this role will not be able to modify this dataflow but will still be able to modify other dataflows.