Establishing Security for DataMigrator

In this section:

If only a single DataMigrator user will be designing flows, no alterations to the DataMigrator Server configuration are necessary. However, if the DataMigrator Server supports multiple users, the server administrator may need to establish separate user IDs and profiles to control access to DM application directories.

Note: Establishing security for iWay Servers, including the DataMigrator Server on z/OS requires additional consideration. For details, refer to Step 7. Configure Server Security in Chapter 4, Server Installation for z/OS in the Server Installation manual.
Top of page
x
Running Flows

The iWay agent created when you connect to a DataMigrator Server has an associated logon user ID. Local file, directory, and resource security is controlled by that user ID.

For scheduled flows, the DM components that a user ID can see and run from its Application Path are controlled from sched_run_id option on the Scheduler Configuration page.

When sched_run_id is set to:

If security is ON and you set sched_run_id to User, to run a scheduled flow for a certain user ID:

  1. The user ID must be a valid user on the system.
  2. The user ID must be set to an access level of either SERVER or APPLICATION from the Access Control page.
  3. The password for the user must be set. A SERVER-level administrator can set the password for a SERVER-level ID from the Access Control page when adding a user.

If a DataMigrator user with an APPLICATION-level ID wants to run scheduler requests:

  1. A SERVER administrator must make them an APP administrator from the Access Control page.
  2. The user must set their password on the User Information page.
  3. The scheduler must be restarted. (Restarting the server will also restart the scheduler.)

For more information, see Scheduler Configuration Window.
Top of page
x
Restricting the Application Paths Available to a User

By default, the server profile (EDASPROF.PRF) is run for all users when they connect to the DataMigrator Server to provide access to all application directories in the servers search path. However, an administrator can control a users access to application directories by creating individual user profiles. Each user can then:

For details, see Authorizing DataMigrator Server Usage and Administration.

It follows that the user ID that a flow runs under determines the user profile that is run. The profile controls the application directories available to the flow, as well as access to relational databases or source servers.

The user can only access the application directories defined in the profile being used.

You can set the application path from the DMC or the Web Console. For information on setting the application path from the DMC, see Managing Application Directories and Configuring the Application Path. For information on setting the application path from the Web Console, see the Server Administration for UNIX, Windows, OpenVMS, IBM i, and z/OS manual or the Web Console online help.

Top of page
x
Running Scheduled Flows Under a User Id

How to:

By default, scheduled flows are run using the server admin ID.

To run all scheduled flows under the user ID that saved them, you need to:

  1. Change the sched_run_id.
  2. Create a new user (if the user ID does not already exist). This procedure will depend on your operating system.
  3. Add users who can run flows as an Application Administrator.
  4. Have the new users change their security settings.
  5. Connect to the server as the new user in the DMC, schedule a flow and save it.
x
Procedure: How to Change the sched_run_id
  1. In the navigation pane, expand the server, followed by the Workspace folder, and then the Configuration/Monitor folder.
  2. Expand the Special Services and Listeners folder in the navigation pane and select Special Services.

    If there is a Start option, the scheduler is not running. To run the scheduler, select Start.

  3. Right-click SCHEDULER and select Properties.

    Scheduler Context Menu

    The Scheduler Configuration window opens.

  4. Select user from the sched_run_id drop-down menu.

    Scheduler Configuration Window

  5. Click Save and Restart Scheduler.
x
Procedure: How to Add the New User as an Application Administrator

Note: If you want to run all scheduled flows under a user ID that does not already exist, you must create one using an operating system-specific procedure.

  1. In the DMC, expand a server and then expand the Workspace folder.
  2. Expand the Access Control folder. In the Roles folder, right-click Application Administrator and select Register User.

    The Register User window opens.

  3. Enter the new user name in the User field.
  4. Optionally, enter a description, domain, and the users email address.
  5. Optionally, you can enter and confirm the users password. Alternatively, the user can enter their password themselves in the next procedure.
  6. Select Application Administrator Role from the Inherent Privileges from drop-down menu.
  7. Click Apply.
  8. Click OK to save your changes and register as a new user.
x
Procedure: How to Change a Password for Running Scheduled Flows
  1. In the Web Console, from the menu bar, click My Console, then Log In As Different User.

  2. Log in as the new user. If a domain was set when the user was created, enter it in that field.

  3. From the toolbar, click My Console, then Change Password.

    The User Information page opens.

  4. In the Security section, enter the passwords, select update password in admin.cfg, and click UPDATE.

    A confirmation messages shows that security has been successfully updated

  5. Close the Web Console.
x
Procedure: How to Connect to the Server as a New User and Schedule a Flow
  1. In the DMC, right-click the server and select Properties.
  2. Change the User ID and Password in the Security section to the newly created ones and click OK.

  3. Disconnect and reconnect the server.
  4. Open a process flow in the DMC and add a Schedule.
  5. Save the flow.

The Scheduler/Scheduler Events report now lists scheduled flows by the userid that saved them.

iWay Software