Establishing Security for DataMigrator
If only a single DataMigrator user will be designing
flows, no alterations to the DataMigrator Server configuration are
necessary. However, if the DataMigrator Server supports multiple
users, the server administrator may need to establish separate user
IDs and profiles to control access to DM application directories.
Note: Establishing security for iWay Servers, including
the DataMigrator Server on z/OS requires additional consideration.
For details, refer to Step 7. Configure Server Security in
Chapter 4, Server Installation for z/OS in the Server
Installation manual.
x
The iWay agent created when you connect to a DataMigrator
Server has an associated logon user ID. Local file, directory, and
resource security is controlled by that user ID.
For scheduled flows, the DM components that a user ID can see
and run from its Application Path are controlled from sched_run_id option
on the Scheduler Configuration page.
When sched_run_id is
set to:
-
server_admin_id,
scheduled DM jobs are run under the first ID that appears in the
list of server administrators displayed on the Access Control page.
If the ID does not have a password specified in the Access Control
tab, a profile for that user ID must be created. server_admin_id
is the default.
-
user,
scheduled DM jobs are run under the user ID that was used to save the
flow. The Application Path specified in the users profile is utilized.
If security is ON and you set sched_run_id to User, to run a
scheduled flow for a certain user ID:
- The user ID
must be a valid user on the system.
- The user ID
must be set to an access level of either SERVER or APPLICATION from the
Access Control page.
- The password
for the user must be set. A SERVER-level administrator can set the password
for a SERVER-level ID from the Access Control page when adding a user.
If a DataMigrator user with an APPLICATION-level
ID wants to run scheduler requests:
- A SERVER administrator
must make them an APP administrator from the Access Control page.
- The user must
set their password on the User Information page.
- The scheduler
must be restarted. (Restarting the server will also restart the scheduler.)
For more information, see Scheduler Configuration Window.
xRestricting the Application Paths Available to a User
By default, the server profile
(EDASPROF.PRF) is run for all users when they connect to the DataMigrator
Server to provide access to all application directories in the servers
search path. However, an administrator can control a users access
to application directories by creating individual user profiles.
Each user can then:
- Access only
the application directories specified in the application path specified
for that profile.
- Use synonyms
in the specified application path.
For details, see Authorizing DataMigrator Server Usage and Administration.
It follows that the user ID that a flow
runs under determines the user profile that is run. The profile
controls the application directories available to the flow, as well
as access to relational databases or source servers.
- If there is
a profile associated with the user ID, then it is used.
- If there is
no profile, then EDASPROF is used instead.
The user can only access the application directories defined
in the profile being used.
You can set the application path from the DMC or the Web Console.
For information on setting the application path from the DMC, see Managing Application Directories and Configuring the Application Path. For information on
setting the application path from the Web Console, see the Server
Administration for UNIX, Windows, OpenVMS, IBMÂ i, and z/OS manual
or the Web Console online help.
xRunning Scheduled Flows Under a User Id
By default, scheduled flows are run using the server
admin ID.
To run all scheduled flows under the user ID that saved them,
you need to:
- Change the
sched_run_id.
- Create a new
user (if the user ID does not already exist). This procedure will
depend on your operating system.
- Add users who
can run flows as an Application Administrator.
- Have the new
users change their security settings.
- Connect to
the server as the new user in the DMC, schedule a flow and save it.
x
Procedure: How to Change the sched_run_id
-
In the navigation pane, expand the server, followed by the Workspace folder,
and then the Configuration/Monitor folder.
-
Expand
the Special Services and Listeners folder
in the navigation pane and select Special Services.
If there is a Start option, the
scheduler is not running. To run the scheduler, select Start.
-
Right-click SCHEDULER and
select Properties.
The
Scheduler Configuration window opens.
-
Select user from
the sched_run_id drop-down menu.
-
Click Save
and Restart Scheduler.
x
Procedure: How to Add the New User as an Application Administrator
Note: If you want to run all
scheduled flows under a user ID that does not already exist, you
must create one using an operating system-specific procedure.
-
In the
DMC, expand a server and then expand the Workspace folder.
-
Expand
the Access Control folder. In the Roles folder,
right-click Application Administrator and
select Register User.
The Register User window opens.
-
Enter
the new user name in the User field.
-
Optionally,
enter a description, domain, and the users email address.
-
Optionally,
you can enter and confirm the users password. Alternatively, the
user can enter their password themselves in the next procedure.
-
Select Application
Administrator Role from the Inherent Privileges from
drop-down menu.
-
Click Apply.
-
Click OK to
save your changes and register as a new user.
x
Procedure: How to Change a Password for Running Scheduled Flows
-
In the
Web Console, from the menu bar, click My Console,
then Log In As Different User.
-
Log
in as the new user. If a domain was set when the user was created, enter
it in that field.
-
From
the toolbar, click My Console, then Change
Password.
The User Information page opens.
-
In the
Security section, enter the passwords, select update password
in admin.cfg, and click UPDATE.
A
confirmation messages shows that security has been successfully updated
-
Close
the Web Console.
x
Procedure: How to Connect to the Server as a New User and Schedule a Flow
-
In the
DMC, right-click the server and select Properties.
-
Change
the User ID and Password in
the Security section to the newly created ones and click OK.
-
Disconnect
and reconnect the server.
-
Open
a process flow in the DMC and add a Schedule.
-
Save
the flow.
The
Scheduler/Scheduler Events report now lists scheduled flows by the userid
that saved them.