Security role overview
IBM® InfoSphere® Information Server supports role-based access control. Users derive authority from the union of their roles in InfoSphere Information Server (the suite roles), their roles in the suite component, such as IBM InfoSphere Information Analyzer (the suite component roles), and the projects that they work with (the project roles).
Security configuration is performed by two levels of administrators:
- InfoSphere Information Server administrators
- These administrators are in charge of assigning the suite and suite component roles to users. These roles determine which suite components the user can access and whether the user has component administrator or component user access in those suite components. InfoSphere Information Server administrators can also configure credential mappings for InfoSphere Information Analyzer, IBM InfoSphere DataStage®, and IBM InfoSphere QualityStage® users. InfoSphere Information Server administrators must have, at least, the Suite Administrator and Suite User role assigned to their user names. During installation, a default InfoSphere Information Server administrator is created to perform the initial installation tasks and configure the user registry. The default IBM WebSphere® Application Server administrator is always automatically configured as an InfoSphere Information Server administrator when you restart IBM WebSphere Application Server.
- InfoSphere Information Server suite component administrators
- These administrators are in charge of assigning the component project roles to the users that were configured by the InfoSphere Information Server administrator. These assignments are configured in the suite component. For example, the InfoSphere Information Server component administrator can assign the Information Analyzer Business Analyst role to a user in the information analysis screens of the console. For InfoSphere DataStage projects, these role assignments are configured in the InfoSphere DataStage Administrator client. The InfoSphere DataStage and QualityStage administrators can also use the IBM InfoSphere Information Server Web console to configure credential mappings.
Suite roles
- Suite User
- Select to give the user general access to InfoSphere Information Server and the suite components. A user must have this role to authenticate with InfoSphere Information Server or any of the suite components.
- Suite Administrator
- Select to give InfoSphere Information Server administration privileges to the user. The Suite Administrator role includes additional permissions; however, the Suite User role must also be assigned to the user for it to authenticate.
The common metadata roles are also suite roles. See InfoSphere Metadata Asset Manager and common metadata roles.