Page 1 of 1
Admin Access
Posted: Mon May 22, 2017 3:58 am
by Nagac
Hi
I have been granted admin rights is admin console by administrator(selected all roles). So I should be able to access any DS Project without assigning rights in DS Administrator permissions tab. But I am unable to access projects unless I have been assigned a project in DS Admin permissions tab.
Our Security model is LDAP and PAM is enabled. Hence I have not been mapped credentials to OS level user.
Can you please let me know if we miss any steps in between.
Thanks
Posted: Mon May 22, 2017 12:55 pm
by Mike
You have a misunderstanding.
DataStage permissions as set via the DataStage Administrator client are separate from the roles and permissions established via the Information Server admin console.
You still have to grant your LDAP users and/or groups permission for a DataStage project via DataStage Administrator.
Mike
Posted: Mon May 22, 2017 3:21 pm
by PaulVL
And the user id has to be part of the dstage group (if defaults were used in your shop).
Posted: Mon May 22, 2017 5:09 pm
by Nagac
Thanks to both
I am still in doubt as far as i remember. I didnt assign rights to projects in DS Admin as we are assigning all roles to user earlier in different clientand worked fine.
Also, DS user is not created on Server or not given any rightsto server. We have different users on server.
As i mentioned PAM is configured in server,
Forgot to add when i log in to DS Admin, i cant seepermissions tab enabled for the project which was manually assigned to me in DS admin
Posted: Fri May 26, 2017 2:35 am
by Nagac
Any ideas?
Posted: Fri May 26, 2017 7:28 am
by Mike
Nagac wrote:Forgot to add when i log in to DS Admin, i cant seepermissions tab enabled for the project which was manually assigned to me in DS admin
This tells me that the ID that you logged in with does not have the DataStage and QualityStage Administrator role (only a DataStage administrator has access to the permissions tab). A suite administrator can add that role for you through the Information Server Admin Console.
Once your ID has that role, then you can use the DataStage Administrator Client permissions tab to add the DataStage Developer role (or other DataStage roles) on a per project basis for your LDAP groups that should have a role in the project.
Mike
Posted: Tue May 30, 2017 2:18 pm
by Nagac
Thanks Mike for your response.
But i had check it again and could see all roles were checked against my user id.
As i mentioned earlier, we have LDAP authentication to login into DataStage and we have separate user id to login into DataStage Server. are there any other things to consider
Thanks
Posted: Tue May 30, 2017 5:28 pm
by ray.wurlod
Check your credential mapping (in web console for Information Server, under Domain Management).
\
But that should not impact role-based access.