Teradata Data Mover (version 13.10) introduced job level security management which allows users to specify access rights at job level. Through the Teradata Data Mover Portlet, a Viewpoint user with access to Data Mover Portlet can grant/revoke access rights of individual Data Mover job to other Viewpoint users with access to Data Mover portlet.
This article will use the term “Data Mover user”, which will be equivalent to a "Viewpoint user with Data Mover portlet (TDM Portlet) access". It will also use the term “Data Mover Admin user”, which will be equivalent to a "Viewpoint user with Data Mover Setup portlet (TDMS Portlet) access".
There are three different levels of access rights provided in TDM Portlet. The three levels are:
Every Data Mover user has the ability to create a job via the New Job link found on the top-right of the ‘Saved Jobs’ screen.
Every Data Mover Admin user has 'owner' level permissions on all Data Mover jobs.
After the overview above, let’s go through the steps to specify access rights when creating a TDM job via the Portlet.
Enable the security management checkbox located in TDMS Portlet. If the checkbox is not selected (checked), then all Data Mover users have ‘Owner’ level permissions on all existing and future Data Mover jobs.
Click on the New Job link on the 'Saved Jobs' screen. Specify Source/Target systems to dmdev/dmsmp respectively & select items1 table from user jg185041. Please refer to the following article to create the table & user.
Clicking on Save button on the bottom right of TDM Portlet will display another screen. The Sharing section of the screen is where a user can set permissions. Execute and View-only correlates to their respective permissions. Since the 'owner' permission cannot be modified, it is absent in the Sharing section. In our exercise, we have specified ‘user2’ to have ‘execute’ permission and ‘user3’ to have ‘view-only’ permission.
The job name will be access_rights_test.
Clicking on Save button on the bottom center will save the job.
You have successfully created a job with access rights via the TDM Portlet. The rest of the article will address how specifying access rights affect user access.
The TDM Portlet will only display jobs that the user has either a 'View only', 'Execute', or 'Owner' level permissions on (note: This will only happen if security management is enabled in the Data Mover Setup portlet). If a user does not have any permissions on a job, then he will not see the job in the 'Saved Jobs' screen.
If a user has 'View only', 'Execute' or 'Owner' level permissions, he will see the job in the 'Saved Jobs' screen, but the context menu for every job will only display 'commands' the user has permission to.
In our exercise, the Data Mover user who created the job will have the ‘Owner’ permissions. Notice that the user as the 'owner' has ability to run/edit/delete/preview commands.
We gave user2 ‘execute’ permissions on access_rights_test. When user2 logs on to viewpoint and click on the context menu of the TDM Portlet, it will see the 'commands' shown below. Notice the missing ‘Edit’ command
We gave user3 ‘view-only’ permissions on access_rights_test. When user3 logs on to viewpoint and click on the context menu of the TDM Portlet, it will see the 'commands' shown below. Notice the missing ‘Run’ command.