MDM - Informatica Master Data Management Security and Access Control Questions and Answers

Question 1

An MDM administrator needs to configure access for a new data steward. The steward must be able to view, create, and update 'Customer' records but must be explicitly prevented from merging them. Additionally, the steward must have no access to 'Product' records. Which of the following is the most effective and secure method to achieve this?

Accepted Answer

Create a new role, grant it Read, Create, and Update privileges for the 'Customer' Base Object resource, withhold the Merge privilege, and ensure no privileges are granted for the 'Product' resource. Assign the user to this new role.

Answer

The Informatica MDM security model is role-based. Privileges are not assigned directly to users but to roles, and users are then assigned to those roles. The most precise and secure way to meet these specific requirements is to create a custom role that grants only the necessary privileges (Read, Create, Update) on the specified secure resource ('Customer' Base Object) while withholding others (Merge) and denying all access to other resources ('Product'). Using database-level grants or triggers bypasses the MDM Hub's security framework and is incorrect.

Question 2

A senior data steward reports they can successfully merge duplicate records but are unable to perform an unmerge operation using the Data Manager or Merge Manager tools. The administrator has confirmed the steward's role has Read, Update, and Merge privileges for the corresponding base object. Which specific privilege is most likely missing?

Accepted Answer

Unmerge

Answer

Informatica MDM provides granular privileges for base object operations. The ability to merge and the ability to unmerge are controlled by separate, distinct privileges. While the 'Merge' privilege allows a user to combine records, the 'Unmerge' privilege is explicitly required to reverse a merge action. The other privileges listed (Execute, Delete, Create) control different operations and would not resolve this specific issue.

Question 3

An organization wants to enable single sign-on (SSO) for its Informatica MDM users, allowing them to authenticate using their corporate Active Directory credentials instead of maintaining separate MDM-native logins. Which component must be configured in the Hub Console to facilitate this integration?

Accepted Answer

An LDAP Authentication Provider within the Security Access Manager.

Answer

Informatica MDM integrates with external user directories like LDAP (Lightweight Directory Access Protocol) or Active Directory for user authentication. To achieve this, an administrator must configure an external authentication provider, specifically an LDAP login module, within the Security Access Manager in the Hub Console. This configuration points the MDM Hub to the external directory service for validating user credentials.

Question 4

Which of the following are considered 'Secure Resources' that can be explicitly secured by assigning privileges to roles within the Hub Console's Security Access Manager (SAM)?

Accepted Answer

Base Objects, Queries, and Packages

Answer

The Security Access Manager (SAM) in Informatica MDM allows administrators to apply security privileges to a defined set of resource types. These 'Secure Resources' include, but are not limited to, Base Objects, Queries (both public and private), and Packages (used for cleansing and transformations). Staging/Landing tables, database triggers, and individual rows are not directly managed as secure resources within SAM's role-privilege framework.

Question 5

A downstream application requires programmatic, read-only access to customer data via a specific Services Integration Framework (SIF) API. To adhere to the principle of least privilege, what is the best practice for granting this access?

Accepted Answer

Create a new dedicated role, grant it 'Execute' privilege ONLY on the required SIF API secure resource, and assign a dedicated application user to that role.

Answer

The most secure method that follows the principle of least privilege is to create a specific role for the application. This role should be granted the 'Execute' privilege exclusively for the specific SIF API it needs to call. This ensures the application can only perform its intended function and cannot access other APIs or data. Using a broad role like 'Data Steward', disabling security, or bypassing the application layer with direct database access are all insecure practices.

(MDM) Informatica Master Data Management Certification Practice Test

(MDM) Informatica Master Data Management Certification Practice Test

MDM - Informatica Master Data Management Security and Access Control Questions and Answers