You can optionally enhance the security of Managed Reporting by restricting access to its data and preventing users from accessing Managed Reporting data through the file system. File system access to Managed Reporting data should be avoided because sensitive information can be exposed, production reports can be altered, and Managed Reporting itself can be rendered inoperable.
Managed Reporting maintains most of its files in its repository directory:
/install_directory/ibi/WebFOCUS80/basedir
and uses the following directory for processing:
/install_directory/ibi/WebFOCUS80/temp
During normal operation, these directories should only be accessed by accounts that run WebFOCUS servlets. Which accounts these are depends on your configuration and varies considerably with your application server and environment. Consult your third-party documentation for more information and review the user ID requirements in User ID Requirements for the WebFOCUS Client.
Your system administrator may assign *RWX data authority to individual users, or use an authorization list to manage authority to the following folder:
/install_directory/ibi/WebFOCUS80/temp
After the installation is completed, the PUBLIC user is given *RW authority to:
/install_directory/ibi/WebFOCUS80/temp
It is advised that you remove the PUBLIC authority.
Note: You may also want to grant file system access to an administrator group for support and debugging purposes.
To establish a secure Managed Reporting repository on UNIX, log on as root and perform the following procedure.
/install_directory/ibi/WebFOCUS80
chmod 700 basedir temp
chmod 770 basedir temp
chown -R wf_user basedir temp
where:
wf_user
Is the account that should own the directories. This should be the user ID under which the WebFOCUS servlet runs.
chgrp -R wf_admin basedir temp
where:
wf_admin
Is the group containing the user IDs that require access to the repository.
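A read-only check of the result of the procedure above, added here as an example (it is not part of the WebFOCUS documentation). It assumes chmod 700 is the owner-only setting and chmod 770 is the setting used together with the chgrp step; check_repo_dir and audit_repo are hypothetical helper names.

```shell
#!/bin/sh
# Added example: read-only audit of the repository directories.

# check_repo_dir DIR OWNER [GROUP]
# Returns 0 when DIR is owned by OWNER, grants nothing to "other", and either
# grants nothing to the group (no GROUP given: the chmod 700 case) or belongs
# to GROUP (the chmod 770 case). Prints one line per finding.
check_repo_dir() {
    dir=$1; want_owner=$2; want_group=${3:-}; rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 2
    fi
    # ls -ld fields: mode string, link count, owner, group, ...
    set -- $(ls -ld "$dir")
    mode=$1; owner=$3; group=$4
    grp_bits=$(printf '%s' "$mode" | cut -c5-7)   # e.g. rwx or ---
    oth_bits=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $dir: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$oth_bits" != "---" ]; then
        echo "FAIL $dir: other users have '$oth_bits' ($mode)"; rc=1
    fi
    if [ -n "$want_group" ]; then
        if [ "$group" != "$want_group" ]; then
            echo "FAIL $dir: group is $group, expected $want_group"; rc=1
        fi
    elif [ "$grp_bits" != "---" ]; then
        echo "FAIL $dir: group has '$grp_bits' but no group was named"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $dir: $mode $owner:$group"; fi
    return "$rc"
}

# audit_repo ROOT OWNER [GROUP]: check basedir and temp under ROOT.
audit_repo() {
    root=$1; result=0
    check_repo_dir "$root/basedir" "$2" "${3:-}" || result=1
    check_repo_dir "$root/temp" "$2" "${3:-}" || result=1
    return "$result"
}
```

Run it as root, for example as audit_repo /install_directory/ibi/WebFOCUS80 wf_user wf_admin; a non-zero return means at least one directory does not match the settings above.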