Permissions Overview | Setup Portlet | Teradata Data Mover - 17.11 - Permissions - Teradata Data Mover

Teradata® Data Mover User Guide

Product
Teradata Data Mover
Release Number
17.11
Release Date
October 2021
Content Type
User Guide
Publication ID
B035-4101-091K
Language
English (United States)

A Viewpoint Administrator can assign permissions to users and roles to enable security management in the Permissions view of the Data Mover Setup portlet. When security management is enabled, the Viewpoint Administrator can designate the specific access types to individuals and roles, both at the daemon and at the job level.

If security management is not enabled, the selected users and roles have full access (read, write, and execute) to the daemon. A Viewpoint user who has been granted access privileges can perform any operation on any job in the Data Mover portlet. When Give full daemon access to all selected users and roles is set, it is not possible to designate certain roles or users with certain privileges but not others (such as read but not execute) or to designate job permissions without using security management.

A user must have Read access to monitor the daemon in the main Data Mover portlet, regardless of whether security management is enabled. For more information on granting permissions, see Adding Permissions.

Access Types

Data Mover supports three different types of access privileges:
Access Type Privileges
Read (R)
  • Preview jobs
  • View status of running or started jobs
Write (W)
  • Create jobs
  • Edit jobs
  • Delete jobs
  • Update job steps
  • Update job priorities
  • Edit job scripts
  • Change permissions
Execute (X)
  • Run jobs
  • Stop jobs
  • Restart jobs
  • Clean up jobs
A user who has write or execute access always has read access also. Therefore, the following access combinations can be designated for users and roles for a daemon or a job:
  • No access
  • Read access
  • Read and write access
  • Read and execute access
  • Read, write, and execute access

For a user who does not have full access privileges, the options appear as unavailable, in grey, in the Data Mover portlet. For example, if a user does not have execute access, the Run command in the menu for the job appears in grey and is unavailable. For a user who does not have write access, the New Job button appears in grey and is unavailable.

Daemon-Level and Job Permissions

There are three options for security when security management is enabled. These options only affect the selected daemon.
Option Description
Give full daemon access to all selected users and roles Security management is considered disabled if this setting is selected. You cannot grant or revoke individual read/write/execute privileges to users or roles with this option. However, the user or role does still need read permissions on the daemon.

For more information on granting permissions, see Adding Permissions.

Allow daemon write or execute access to be configured per user or role This daemon-level option is less restrictive than job-level permissions by allowing users access to all jobs on that daemon. For example, if this option is selected, a user with read access can perform read operations on all of the jobs on the daemon from the Data Mover portlet. Any access designated for individual jobs is disregarded when this security option is used.

You can set read, write, and execute access for both specific users and for roles at the daemon level. A user who has write or execute access automatically has read access as well.

Allow user and role access to be further restricted per job This job-level setting is more restrictive. The access specified for the daemon as well as the access specified for individual jobs are considered. For example, a user with read access on the daemon does not automatically have access to view jobs; the user must also have read access granted at the job level to be able to view it in the Data Mover portlet. Similarly, a user who is granted read access for the individual job but not for the daemon cannot view the job in the Data Mover portlet.

Users with write access to a job can set permissions when creating or editing the job or performing changes to job permissions for multiple jobs. Users can change permissions for multiple jobs by selecting Change Permissions in the Saved Jobs view using the Table Actions arrow in the Data Mover portlet.

Job Settings Permissions

If security management is enabled, you can also restrict access to certain job settings:
  • The ability to run Update Job Steps from the menu for a job listed in the Data Mover portlet.
  • The maximum number of streams that a user can specify for a job.
  • The utilities available. Users can be restricted to use Teradata DSA, or Teradata PT API load, update, or stream. JDBC is always available.

You access job settings permissions by clicking the Advanced button in the Permissions Details screen.