Establishing Security for DataMigrator
If only a single DataMigrator user will be designing
flows, no alterations to the DataMigrator Server configuration are
necessary. However, if the DataMigrator Server supports multiple
users, the server administrator may need to establish separate user
IDs and profiles to control access to DM application directories.
Note: Establishing security for iWay Servers,
including the DataMigrator Server on z/OS, requires additional consideration.
For details, refer to Step 7. Configure Server Security in
Chapter 4, Server Installation for z/OS in the Server
Installation manual.
The iWay agent created when
you connect to a DataMigrator Server has an associated logon user
ID. Local file, directory, and resource security is controlled by
that user ID.
For scheduled flows, the DM components that a user ID can see
and run from its Application Path are controlled by the sched_run_id option
on the Scheduler Configuration page.
When sched_run_id is set to:
- server_admin_id. Scheduled DM jobs are run under the first ID that
  appears in the list of server administrators displayed on the Access
  Control page. If the ID does not have a password specified in the
  Access Control tab, a profile for that user ID must be created.
  server_admin_id is the default.
- user. Scheduled DM jobs are run under the user ID that was used to
  save the flow. The Application Path specified in the user's profile
  is utilized.
If security is ON and you set sched_run_id to User to run a scheduled
flow for a certain user ID:
- The user ID must be a valid user on the system.
- The user ID must be set to an access level of either SERVER or
  APPLICATION from the Access Control page.
- The password for the user must be set. A SERVER-level administrator
  can set the password for a SERVER-level ID from the Access Control
  page when adding a user.
If a DataMigrator user with an APPLICATION-level
ID wants to run scheduler requests:
- A SERVER administrator must make them an APP administrator from the
  Access Control page.
- The user must set their password on the User Information page.
- The scheduler must be restarted. (Restarting the server will also
  restart the scheduler.)
For more information, see Scheduler Configuration Window.
Restricting the Application Paths Available to a User
By default, the server profile
(EDASPROF.PRF) is run for all users when they connect to the DataMigrator
Server to provide access to all application directories in the server's
search path. However, an administrator can control a user's access
to application directories by creating individual user profiles.
Each user can then:
- Access only the application directories listed in the application
  path specified for that profile.
- Use synonyms in the specified application path.
For details, see Authorizing DataMigrator Server Usage and Administration.
It follows that the user ID that a flow
runs under determines the user profile that is run. The profile
controls the application directories available to the flow, as well
as access to relational databases or source servers.
- If there is a profile associated with the user ID, then it is used.
- If there is no profile, then EDASPROF is used instead.
The user can only access the application directories defined
in the profile being used.
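The rules above (which ID a scheduled flow runs under, what that ID needs when security is ON, and which profile it ends up with) can be checked together before changing sched_run_id. The following Python sketch is an added example, not part of the product or its documentation; the User record, the function names and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional
SERVER_PROFILE = "EDASPROF"  # server profile run when a user has no profile

@dataclass
class User:                              # hypothetical inventory record
    user_id: str
    access_level: Optional[str] = None   # "SERVER", "APPLICATION" or None
    password_set: bool = False
    has_profile: bool = False            # an individual user profile exists
    valid_os_user: bool = True

def effective_run_id(sched_run_id, admins, saved_by):
    """ID a scheduled flow runs under for the given sched_run_id value."""
    if sched_run_id == "server_admin_id":
        return admins[0]                 # first ID in the server administrator list
    if sched_run_id == "user":
        return saved_by                  # ID that was used to save the flow
    raise ValueError(f"unknown sched_run_id: {sched_run_id!r}")

def audit_flow(sched_run_id, admins, saved_by, users):
    """Return (run_id, profile, findings) for one scheduled flow, security ON."""
    run_id = effective_run_id(sched_run_id, admins, saved_by)
    user = users.get(run_id) or User(run_id, valid_os_user=False)
    findings = []
    if sched_run_id == "user":
        if not user.valid_os_user:
            findings.append("run ID is not a valid user on the system")
        if user.access_level not in ("SERVER", "APPLICATION"):
            findings.append("access level must be SERVER or APPLICATION")
        if not user.password_set:
            findings.append("password is not set")
    elif not user.password_set and not user.has_profile:
        findings.append("admin ID has no password, so a profile must be created")
    profile = f"{run_id} user profile" if user.has_profile else SERVER_PROFILE
    if profile == SERVER_PROFILE:
        findings.append("uses EDASPROF: all application directories visible")
    return run_id, profile, findings

# Constructed sample inventory, not exported from a real server.
ADMINS = ["srvadmin"]
USERS = {
    "srvadmin": User("srvadmin", "SERVER", password_set=True, has_profile=True),
    "etl_dev": User("etl_dev", "APPLICATION"),
}

if __name__ == "__main__":
    for mode in ("server_admin_id", "user"):
        print(mode, audit_flow(mode, ADMINS, "etl_dev", USERS))
```

With the sample inventory, switching to user surfaces two findings for etl_dev: no password is set, and the flow would run under EDASPROF rather than a restricted user profile.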
You can set the application path from the DMC or the Web Console.
For information on setting the application path from the DMC, see Managing Application Directories and Configuring the Application Path. For information on
setting the application path from the Web Console, see the Server
Administration manual or the Web Console online help.
Running Scheduled Flows Under a User ID
By default, scheduled flows are run using the server
admin ID.
To run all scheduled flows under the user ID that saved them,
you need to:
- Change the sched_run_id.
- Create a new user (if the user ID does not already exist). This
  procedure will depend on your operating system.
- Add users who can run flows as an Application Administrator.
- Have the new users change their security settings.
- Connect to the server as the new user in the DMC, schedule a flow
  and save it.
Procedure: How to Change the sched_run_id
- In the navigation pane, expand the server, followed by the Workspace folder.
- Expand the Special Services and Listeners folder.
  If there is a Start option, the scheduler is not running. To run the
  scheduler, click Start.
- Right-click SCHEDULER and click Properties.
  The Scheduler Configuration window opens.
- Select user from the sched_run_id drop-down menu, as shown
  in the following image.
- Click Save and Restart Scheduler.
Procedure: How to Add the New User as an Application Administrator
Note: If you want to run all
scheduled flows under a user ID that does not already exist, you
must create one using an operating system-specific procedure.
- In the DMC, expand a server and then expand the Access Control folder.
- In the Roles folder, right-click Application Administrator and
  click Register User.
- Select Single User Registration.
  The Single User Registration window opens, as shown in
  the following image.
- Enter the new user name in the User field.
- Optionally, enter a description, domain, and the user's email address.
- Optionally, you can enter and confirm the user's password.
  Alternatively, the user can enter their password themselves in the
  next procedure.
- Select Application Administrator from the Inherent Privileges
  drop-down menu.
- Click Register.
- Click OK to save your changes and register as a new user.
Procedure: How to Change a Password for Running Scheduled Flows
- Log in to the DMC with an Administrator user ID.
- In the navigation pane, expand the server and then the Access
  Control folder.
- Expand the Roles folder and then expand the folder of the desired Role.
- Right-click the user ID you want to manage and click Properties.
- In the Optional password for scheduled runs section of the General
  tab, enter the new password, and re-enter it to confirm the password.
- Click Update.
Procedure: How to Connect to the Server as a New User and Schedule a Flow
- In the DMC, right-click the server and select Properties.
- Change the User ID and Password in the Security section to the newly
  created ones and click OK.
- Disconnect and reconnect the server.
- Open a process flow in the DMC and add a Schedule.
- Save the flow.
The Scheduled Events report will now list scheduled flows by the user
ID that saved them.