Identity Profile Security

Effective in Release 6.3.0, on the Identity Profile Editor, there is a Permissions button that allows ONLY an Administrator to grant Permissions to Power Users to Use a Profile when creating a Plugin Data Source with  Auth Type = Identity Profile to be used to present credentials to a BI Tool. A Power User may ONLY use a Profile to which the user has Use Access but cannot reach its editor.

In addition, there is a Section on the Group/User Editors > Power Users tab where Identity Profile Permissions can be granted to a User or Group via its Editor.  Power Users may only access Group Editors when they have the associated "Create Groups" Privilege but have no access to User Editors.  

There are no Privileges associated with this Identity Profile feature other than "Create Data Sources".  

No Regular User Access is permitted since this type of user cannot create a Plugin Data Source.

See Overview of Identity Profiles for more information on Identify Profiles.

1. Grant Permissions to Use the Profile

1.1. From Identify Profile Editor

ADMINs ONLY:   Admin menu > System > Identity Profiles > Name link > Editor > Permissions button

Use buttons to grant Use Access to the Identity Profile to a selected Group or Power User and save.  Repeat as required.

1.2. From User or Group Editor

ADMIN: Admin menu > Users & Groups  > List Page > Name link > User or Group Editor > Power User tab > Identity Profile section

POWER USER: Admin menu > Groups  > List Page > Name link > Group Editor > Power User tab > Identity Profile section

  1. [+ Identity Profile Access to the Group]
  2. Select a Profile from the dropdown
    • Power User only sees those Profiles to which user has been granted Use Access
  3. [Save]

NOTE:  Admins follow the same steps when adding an Identity Profile from a User Editor

2. Assign an Identity Profile to a Plugin Data Source

ADMIN:  Admin menu > Collection & Storage > Data Sources > List Page > Name link > Plugin Data Source Editor

POWER USER:  Admin menu > Data Sources > List Page > Name link > Plugin Data Source Editor

  1. Set Auth Type to "Identity Profile"
  2. Choose an Identity Profile (from a drop-down list that contains only those Profiles to which the PU has Use Access) to be used on the Data Source