Permissions Overview | Setup Portlet | Teradata Data Mover - Permissions - Teradata Data Mover

Teradata® Data Mover User Guide

Product
Teradata Data Mover
Release Number
17.05
Published
October 2020
Language
English (United States)
Last Update
2020-11-18
dita:mapPath
xxl1591023586203.ditamap
dita:ditavalPath
mpm1591127278842.ditaval
dita:id
B035-4101
lifecycle
previous
Product Category
Analytical Ecosystem

A Viewpoint Administrator can assign permissions to users and roles and enable security management in the Permissions view of the Data Mover Setup portlet. When security management is enabled, the Viewpoint Administrator can designate the specific access types to individuals and roles, both at the daemon and at the job level.

If security management is not enabled, the selected users and roles have full access (read, write, and execute) to the daemon. A Viewpoint user who has been granted access privileges can perform any operation on any job in the Data Mover portlet. It is not possible to designate that certain roles or users have certain privileges but not others (such as read but not execute) or to designate job permissions without using security management.

A user must have Read access to monitor the daemon in the main Data Mover portlet, regardless of whether security management is enabled.

Access Types

Data Mover supports three different types of access privileges:
Access Type Privileges
Read (R)
  • Preview jobs
  • View status of running or started jobs
Write (W)
  • Create jobs
  • Edit jobs
  • Delete jobs
  • Update job steps
  • Update job priorities
  • Edit job scripts
  • Change permissions
Execute (X)
  • Run jobs
  • Stop jobs
  • Restart jobs
  • Clean up jobs
A user who has write or execute access always has read access also. Therefore, the following access combinations can be designated for users and roles for a daemon or a job:
  • No access
  • Read access
  • Read and write access
  • Read and execute access
  • Read, write, and execute access

For a user who does not have full access privileges, the options appear as unavailable, in grey, in the Data Mover portlet. For example, if a user does not have execute access, the Run command in the menu for the job appears in grey and is unavailable. For a user who does not have write access, the New Job button appears in grey and is unavailable.

Daemon Level and Job Permissions

There are two options for security when security management is enabled. These options only affect the selected daemon.
  • Daemon-level only (the Daemon level option in the Job Permissions Details screen in Data Mover Setup)
  • Daemon and job level (the Job permissions option in the Job Permissions Details screen in Data Mover Setup)

Setting permissions to Daemon level is less restrictive than setting them to Job permissions. The Daemon level option allows users access to all jobs on that daemon. For example, if this option is selected, a user with read access can perform read operations on all of the jobs on the daemon from the Data Mover portlet. Any access designated for individual jobs is disregarded when the Daemon level security option is used.

You can set read, write, and execute access for both specific users and for roles at the daemon level. A user who has write or execute access automatically has read access as well.

Setting permissions to Job permissions is more restrictive. The access granted to a user considers the access specified for the daemon as well as the access specified for individual jobs. For example, a user with read access on the daemon does not automatically have access to view jobs; the user also needs to have read access granted at the individual job level to be able to view it in the Data Mover portlet. Similarly, a user who is granted read access for the individual job but not for the daemon cannot view the job in the Data Mover portlet.

Users with write access to a job can set permissions when creating or editing the job or performing changes to job permissions for multiple jobs. Users can change permissions for multiple jobs by selecting Change Permissions in the Saved Jobs view in the Data Mover portlet.

Job Settings Permissions

If security management is enabled, you can also restrict access to certain job settings:
  • The ability to run Update Job Steps from the menu for a job listed in the Data Mover portlet.
  • The maximum number of streams that a user can specify for a job.
  • The utilities available. Users can be restricted to use Teradata DSA, or Teradata PT API load, update, or stream. JDBC is always available.

You access job settings permissions by clicking the Advanced button in the Job Permissions Details screen.