In this section: |
After a successful operating system (O/S) logon, access to all files and applications is in the security context of that user account, which is the user the O/S considers physically logged on to the server. This allows an administrator to control access based on this account.
The effective user is the user account that is actually interacting with the O/S (files and applications). Depending on the server (Web Server, Application Server, WebFOCUS Reporting Server, ReportCaster Distribution Server) the effective user may be the predetermined account that started the service, or it may be an impersonated account (for example, connecting as the root account to a secured WebFOCUS Reporting Server).
Reference: |
The following are the recommended file system permissions that should be set for the effective user ID of the WebFOCUS Reporting Server:
Directory |
Access |
---|---|
\ibi\apps |
Read, Write. Write access depends on the WebFOCUS components being used. |
\ibi\srv77 |
Read, Execute. |
\ibi\srv77\home\ |
Read. |
\ibi\srv77\home\bin |
Read, Execute. |
\ibi\srv77\wfs |
Read. |
\ibi\srv77\wfs\bin |
Read. |
\ibi\srv77\wfs\catalog |
Read. |
\ibi\srv77\wfs\dfm_dir |
Depends on the WebFOCUS components being used. If using Deferred Receipt: Read, Write. |
\ibi\srv77\wfs\edatemp |
Created and managed by the Workspace Manager. |
\ibi\srv77\wfs\etc |
Read. |
\ibi\srv77\wfs\fds |
Depends on the WebFOCUS components being used. |
\ibi\srv77\wfs\share |
Windows only. Created and managed by the Workspace Manager. |
\ibi\srv77\wfs\tst |
None. |
\ibi\srv77\wfs\user |
Read, Execute. |
\ibi\srv77\wfs\web |
None. |
Note:
You can also prevent a user from typing a particular variable in the URL by setting the protect option for that variable in a WebFOCUS script (see WebFOCUS Script Commands).
To run an authenticating secure server, the built-in local system account has the following privileges by default:
If you want to use an account other than local system, it must also have the above privileges. If these privileges are not set, authentication is automatically turned off.
The following are the recommended file system permissions that should be set for the effective user ID running WebFOCUS:
Directory |
Access |
---|---|
ibi\WebFOCUS77\basedir |
Read, Write (Managed Reporting/Dashboard). |
ibi\WebFOCUS77\worp |
Read, Write (Dashboard). |
ibi\WebFOCUS77\temp |
Read, Write. |
ibi\WebFOCUS77\ibi_html |
Read. |
ibi\WebFOCUS77\ibi_html\publish |
Depends on the WebFOCUS components being used. If using the Managed Reporting Publish feature: Read, Write. |
ibi\client\wfc |
Read. |
ibi\client\wfc\etc |
Read. Write access should be set for the WebFOCUS Administration Console only. |
ibi\client\wfc\web\cgi |
Read (WebFOCUS Servlet only), Execute. For the ibiweb.exe file, write access should be set for the WebFOCUS Administration Console only. |
CGI only: | |
ibi\client\home |
Read, Execute. |
Note:
During the deployment process of Developer Studio, if the Web Server and Application Server run separate processes using different credentials:
Note: If you are using a single approot, the effective user of the WebFOCUS Reporting Server requires Read, Write access.
Running the ReportCaster Distribution Server as a root or administrator account could provide a ReportCaster user with the ability to distribute any file to which the root/administrator account has access. On Windows, the ReportCaster Distribution Server Service is installed with Logon As Local System permissions.
A separate operating system account should be created for the ReportCaster Distribution Server with privileges limited to only what the ReportCaster Distribution Server requires to run scheduled requests. The ReportCaster Distribution Server requires access to the ReportCaster Repository JDBC driver, and may require access to directories if you are distributing files from the file system.
The following are the recommended file system permissions that should be set for the effective user ID of the ReportCaster Distribution Server:
Directory |
Access |
---|---|
ibi\WebFOCUS77\ReportCaster\bin |
Read, Execute |
ibi\WebFOCUS77\ReportCaster\cfg |
Read, Write |
ibi\WebFOCUS77\ReportCaster\lib |
Read |
ibi\WebFOCUS77\ReportCaster\log |
Read, Write |
ibi\WebFOCUS77\ReportCaster\resources |
Read |
ibi\WebFOCUS77\ReportCaster\temp |
Read, Write |
ibi\WebFOCUS77\ReportCaster\trc |
Read, Write |
WebFOCUS |