Identity Profile Security
Effective in Release 6.3.0, on the Identity Profile Editor, there is a Permissions button that allows ONLY an Administrator to grant Permissions to Power Users to Use a Profile when creating a Plugin Data Source with Auth Type = Identity Profile to be used to present credentials to a BI Tool. A Power User may ONLY use a Profile to which the user has Use Access but cannot reach its editor.
In addition, there is a Section on the Group/User Editors > Power Users tab where Identity Profile Permissions can be granted to a User or Group via its Editor. Power Users may only access Group Editors when they have the associated "Create Groups" Privilege but have no access to User Editors.
There are no Privileges associated with this Identity Profile feature other than "Create Data Sources".
No Regular User Access is permitted since this type of user cannot create a Plugin Data Source.
See Overview of Identity Profiles for more information on Identify Profiles.
1. Grant Permissions to Use the Profile
1.1. From Identify Profile Editor
ADMINs ONLY: Admin menu > System > Identity Profiles > Name link > Editor > Permissions button
Use buttons to grant Use Access to the Identity Profile to a selected Group or Power User and save. Repeat as required.
1.2. From User or Group Editor
ADMIN: Admin menu > Users & Groups > List Page > Name link > User or Group Editor > Power User tab > Identity Profile section
POWER USER: Admin menu > Groups > List Page > Name link > Group Editor > Power User tab > Identity Profile section
- [+ Identity Profile Access to the Group]
- Select a Profile from the dropdown
- Power User only sees those Profiles to which user has been granted Use Access
NOTE: Admins follow the same steps when adding an Identity Profile from a User Editor
2. Assign an Identity Profile to a Plugin Data Source
ADMIN: Admin menu > Collection & Storage > Data Sources > List Page > Name link > Plugin Data Source Editor
POWER USER: Admin menu > Data Sources > List Page > Name link > Plugin Data Source Editor
- Set Auth Type to "Identity Profile"
- Choose an Identity Profile (from a drop-down list that contains only those Profiles to which the PU has Use Access) to be used on the Data Source