Establishing Security for DataMigrator

In this section:

If only a single DataMigrator user will be designing flows, no alterations to the DataMigrator Server configuration are necessary. However, if the DataMigrator Server supports multiple users, the server administrator may need to establish separate user IDs and profiles to control access to DM application directories.

Note: Establishing security for iWay Servers, including the DataMigrator Server on z/OS requires additional consideration. For details, refer to Step 7. Configure Server Security in Chapter 4, Server Installation for z/OS in the Server Installation manual.

Top of page

Running Flows

The iWay agent created when you connect to a DataMigrator Server has an associated logon user ID. Local file, directory, and resource security is controlled by that user ID.

For scheduled flows, the DM components that a user ID can see and run from its Application Path are controlled from sched_run_id option on the Scheduler Configuration page.

When sched_run_id is set to:

If security is ON and you set sched_run_id to User to run a scheduled flow for a certain user ID:

  1. The user ID must be a valid user on the system.
  2. The user ID must be set to an access level of either SERVER or APPLICATION from the Access Control page.
  3. The password for the user must be set. A SERVER-level administrator can set the password for a SERVER-level ID from the Access Control page when adding a user.

If a DataMigrator user with an APPLICATION-level ID wants to run scheduler requests:

  1. A SERVER administrator must make them an APP administrator from the Access Control page.
  2. The user must set their password on the User Information page.
  3. The scheduler must be restarted. (Restarting the server will also restart the scheduler.)

For more information, see Scheduler Configuration Window.

Top of page

Restricting the Application Paths Available to a User

By default, the server profile (EDASPROF.PRF) is run for all users when they connect to the DataMigrator Server to provide access to all application directories in the servers search path. However, an administrator can control a users access to application directories by creating individual user profiles. Each user can then:

For details, see Authorizing DataMigrator Server Usage and Administration.

It follows that the user ID that a flow runs under determines the user profile that is run. The profile controls the application directories available to the flow, as well as access to relational databases or source servers.

The user can only access the application directories defined in the profile being used.

You can set the application path from the DMC or the Web Console. For information on setting the application path from the DMC, see Managing Application Directories and Configuring the Application Path. For information on setting the application path from the Web Console, see the Server Administration manual or the Web Console online help.

Top of page

Running Scheduled Flows Under a User Id

How to:

By default, scheduled flows are run using the server admin ID.

To run all scheduled flows under the user ID that saved them, you need to:

  1. Change the sched_run_id.
  2. Create a new user (if the user ID does not already exist). This procedure will depend on your operating system.
  3. Add users who can run flows as an Application Administrator.
  4. Have the new users change their security settings.
  5. Connect to the server as the new user in the DMC, schedule a flow and save it.

Procedure: How to Change the sched_run_id
  1. In the navigation pane, expand the server, followed by the Workspace folder.
  2. Expand the Special Services and Listeners folder.

    If there is a Start option, the scheduler is not running. To run the scheduler, click Start.

  3. Right-click SCHEDULER and click Properties.

    The Scheduler Configuration window opens.

  4. Select user from the sched_run_id drop-down menu, as shown in the following image.

    Scheduler Configuration dialog box

  5. Click Save and Restart Scheduler.

Procedure: How to Add the New User as an Application Administrator

Note: If you want to run all scheduled flows under a user ID that does not already exist, you must create one using an operating system-specific procedure.

  1. In the DMC, expand a server and then expand the Access Control folder.
  2. In the Roles folder, right-click Application Administrator and click Register User.
  3. Select Single User Registration.

    The Single User Registration window opens, as shown in the following image.

    Single User Registration window

  4. Enter the new user name in the User field.
  5. Optionally, enter a description, domain, and the users email address.
  6. Optionally, you can enter and confirm the users password. Alternatively, the user can enter their password themselves in the next procedure.
  7. Select Application Administrator from the Inherent Privileges from the drop-down menu.
  8. Click Register.
  9. Click OK to save your changes and register as a new user.

Procedure: How to Change a Password for Running Scheduled Flows
  1. Log in to the DMC with an Administrator user ID.
  2. In the navigation pane, expand the server and then the Access Control folder.
  3. Expand the Roles folder and then expand the folder of the desired Role.
  4. Right-click the user ID you want to manage and click Properties.
  5. In the Optional password for scheduled runs section of the General tab, enter the new password, and re-enter it to confirm the password.
  6. Click Update.

Procedure: How to Connect to the Server as a New User and Schedule a Flow
  1. In the DMC, right-click the server and select Properties.
  2. Change the User ID and Password in the Security section to the newly created ones and click OK.

    Server Node Configuration Window

  3. Disconnect and reconnect the server.
  4. Open a process flow in the DMC and add a Schedule.
  5. Save the flow.

The Scheduled Events report will now list scheduled flows by the user ID that saved them.

iWay Software