Assigning user roles

IBM® InfoSphere® Information Server supports role-based access control. User roles determine which features users can use. For some suite components, user roles also determine which projects a user can access.

User roles can be defined at several levels that build on one another. Users derive authority from the combination of their role in InfoSphere Information Server (their suite roles), their role in the suite component (for example, IBM InfoSphere Information Analyzer or IBM InfoSphere FastTrack), and the permissions they have to work in a given project (their project roles).

Suite

Suite-level roles are the basic roles that users need to access any part of InfoSphere Information Server. Users who are not Suite Users cannot authenticate with InfoSphere Information Server. All InfoSphere Information Server users must have the Suite User role. A suite user can also have the Suite Administrator role to complete administration tasks. Users with the Suite Administrator role must also have the Suite User role assigned to their user names.

The common metadata component roles are also suite-level roles. These roles have certain authority over metadata in the metadata repository.

Component

Component-level roles provide access to the features of a specific product module. Users can be users or administrators of a product module. For example, you can be an InfoSphere Information Analyzer user and an IBM InfoSphere DataStage® administrator.

Project

Project-level roles are defined in the product module and by the product module. For example, in an information analysis project in the IBM InfoSphere Information Server console, you can assign a user the Information Analyzer Data Steward role for that project.

Assigning user roles

Typically, an InfoSphere Information Server administrator assigns suite-level roles and component-level roles. Both roles are assigned by using the IBM InfoSphere Information Server console or IBM InfoSphere Information Server Web console. The InfoSphere Information Server console is available with IBM InfoSphere Information Analyzer and InfoSphere Information Services Director. The InfoSphere Information Server Web console is available to all InfoSphere Information Server users with the SuiteUser role.

After the security roles are configured, the administrator of each product module further defines the project-level roles in the IBM InfoSphere Information Server console or the IBM InfoSphere DataStage and QualityStage® Administrator client. To perform the actions of a particular project-level role, a user must also have suite-level access and access to the product module that owns the project. For example, to be an InfoSphere DataStage developer, a user must be assigned the roles of suite user and component-level InfoSphere DataStage, as well as the InfoSphere DataStage developer project role.