We are trying to implement access control policy on our production environment. We have been exploring two options as of now:
1. Releaseing jobs and thus creating read only jobs.
2. Protecing a project.
However both these options does not allow us to have a staged access policy. What we are aiming at is to create one user who has complete access to the system and can modify jobs and another user who only has read only access and the user can only analyze the server jobs.
Need pointers on possibilties of creating such user roles.
Data Stage User roles
Moderators: chulett, rschirm, roy
-
pavan.nadiger
- Participant
- Posts: 6
- Joined: Wed Mar 07, 2007 3:12 am
- Location: Birmingham
Hi Pavan,
Welcome to Dsxchange :D !!!
Both option works. If you have dsadm you have the full access.
If you have Operator role assigned to a user, it will have only the access to change the runtime informations.
Welcome to Dsxchange :D !!!
Both option works. If you have dsadm you have the full access.
If you have Operator role assigned to a user, it will have only the access to change the runtime informations.
Impossible doesn't mean 'it is not possible' actually means... 'NOBODY HAS DONE IT SO FAR'
-
pavan.nadiger
- Participant
- Posts: 6
- Joined: Wed Mar 07, 2007 3:12 am
- Location: Birmingham
Thanks for the welcome Kumar. :D
Well you could consider it as my naivity in Datastage, but i am unable to understand the use of dsadm.
At present the datastage server is hosted on a Windows 2003 server and we have assigned the three roles available in datastage to the various windows user groups.
However even if the user role is Datastage Production Manager, he is not allowed to modify jobs in a protected project. We had initially considered to have a user as Datastage Production Manager to have complete rights and a user with Datastage Developer role to have restricted/ read only rights.
Thanks for all the help in advance.
Well you could consider it as my naivity in Datastage, but i am unable to understand the use of dsadm.
At present the datastage server is hosted on a Windows 2003 server and we have assigned the three roles available in datastage to the various windows user groups.
However even if the user role is Datastage Production Manager, he is not allowed to modify jobs in a protected project. We had initially considered to have a user as Datastage Production Manager to have complete rights and a user with Datastage Developer role to have restricted/ read only rights.
Thanks for all the help in advance.
Hi,
i do not understand why you need to have full access on a production project.
This is quite dangerous!
I'm not sure that dsadm has full access to a protected project. I triad with a 7.0 version, it does not work.
My opinion :
Protecte projects are a good solution.
If you want to have fulle acces to production, create a copy of the production project, unprotected.
i do not understand why you need to have full access on a production project.
This is quite dangerous!
I'm not sure that dsadm has full access to a protected project. I triad with a 7.0 version, it does not work.
My opinion :
Protecte projects are a good solution.
If you want to have fulle acces to production, create a copy of the production project, unprotected.
-
pavan.nadiger
- Participant
- Posts: 6
- Joined: Wed Mar 07, 2007 3:12 am
- Location: Birmingham
Thanks for all the responses.
The problem we are stuck up right now is that we have single user access to all, and thus there are accidenental amendements which take place on server jobs during issues investigation.
Right now we are looking at two different roles on the environment:
1. Production Support Manager - who takes care of schedule runs and can make amendments in the job in case of any schedule failures. As we are looking at a daily overnight runs, the manager should be able to make quick changes then and there.
2. Developer/ support Engineer - This user role will be basically used to investigate issues with data and if he finds any issues in any of the datastage jobs, he can report it back to the production manager. This user will have read only access on jobs.
The problem we are stuck up right now is that we have single user access to all, and thus there are accidenental amendements which take place on server jobs during issues investigation.
Right now we are looking at two different roles on the environment:
1. Production Support Manager - who takes care of schedule runs and can make amendments in the job in case of any schedule failures. As we are looking at a daily overnight runs, the manager should be able to make quick changes then and there.
2. Developer/ support Engineer - This user role will be basically used to investigate issues with data and if he finds any issues in any of the datastage jobs, he can report it back to the production manager. This user will have read only access on jobs.
You'll find most people here will heartily disagree with #1. Changes outside of the development environment should be strictly forbidden and you enforce this either by using Protected projects or a tool like Version Control which can ensure that jobs in those environments are Read Only.
-craig
"You can never have too many knives" -- Logan Nine Fingers
"You can never have too many knives" -- Logan Nine Fingers