Creating Users and Groups

Creating users and groups
http://publib.boulder.ibm.com/infocenter/iisinfsv/v8r7/advanced/print.jsp?topic=/com.ibm.swg.im.iis....

Contents
1. Default and preconfigured users 2. Creating users in the IBM InfoSphere Information Server console 3. Creating groups in the IBM InfoSphere Information Server console 4. Adding users to a group in the IBM InfoSphere Information Server console 5. Creating users in the IBM InfoSphere Information Server Web console 6. Creating groups in the IBM InfoSphere Information Server Web console 7. Adding users to a group in the IBM InfoSphere Information Server Web console 8. Permissions and groups configuration (Windows Server 2008) 8.1. Configuring permissions and groups (Windows Server 2008) 8.2. Configuring permissions and groups (Windows Server 2008 domain controller) 8.3. Configuring write permission to the registered-servers.xml file
1 of 23
4/12/2012 6:55 PM
IBM InfoSphere Foundation Tools IBM InfoSphere Information Server, Version 8.7.0 Feedback
User and group creation

Create users as the first level of security. You must create a user for each person who will log in to IBM InfoSphere Information Server. If the InfoSphere Information Server internal user registry is used, you can create users and groups by using the InfoSphere Information Server console or the InfoSphere Information Server Web console. The InfoSphere Information Server console is available with IBM InfoSphere Information Analyzer and InfoSphere Information Services Director. The InfoSphere Information Server Web console is available to all InfoSphere Information Server users with the SuiteUser role. If you are using an external user registry, such as the local operating system user registry or Lightweight Directory Access Protocol (LDAP), you must create users and groups by using the user registry administration tools. You cannot create users and groups in external user registries by using the InfoSphere Information Server consoles. Default and preconfigured users Several administrator users are created by the InfoSphere Information Server installation program when it runs. Creating users in the console If the InfoSphere Information Server internal user registry is used, you can create users and groups by using the InfoSphere Information Server console. Creating users in the Web console If the InfoSphere Information Server internal user registry is used, you can create users and groups by using the InfoSphere Information Server Web console. Permissions and groups configuration (Windows 2008) After you install InfoSphere Information Server on Microsoft Windows 2008 Server, you must perform an additional task to configure users. Related concepts Internal directory External directory
Release date: 2011-10-01 PDF version of this information: IBM InfoSphere Information Server Administration Guide
2 of 23
4/12/2012 6:55 PM
1. IBM InfoSphere Foundation Tools IBM InfoSphere Information Server, Version 8.7.0 Feedback
Default and preconfigured users

In addition to users that you create, several default or preconfigured users are created by you or for you during the installation process. Accounts must be created for the administrator users for IBM InfoSphere Information Server and IBM WebSphere Application Server. These users are typically called "isadmin" and "wasadmin." You can choose to create them during installation. The accounts must be created in the user registry that is used by WebSphere Application Server. Table 1. Services tier users Sample user name Description isadmin wasadmin InfoSphere Information Server administrator WebSphere Application Server administrator and InfoSphere Information Server administrator
There must be at least one user account for the engine. This user ID is typically called "dsadm." You can choose to create this account during installation. It must be created in the user registry that is used by the engine. This user registry can be the local operating system user registry. Alternatively, the user registry can be an external user registry. This external user registry must be configured through Pluggable Authentication Modules (PAM). PAM must run on the operating system of the computer that is hosting the engine. Table 2. Engine tier users Sample user name Description dsadm IBM InfoSphere DataStage administrator
There are several other users that you must define. The following users must be local operating system users where the metadata repository tier is installed. You can choose to create these accounts during installation: If you use IBM DB2 for the metadata repository: You must have a DB2 instance owner. This user is the owner of the DB2 database management system. This user is typically called "db2admin" in Microsoft Windows installations, and "dasusr1" in Linux and UNIX installations. You must have a non-fenced instance user. This user is typically called "db2inst1" You must have a fenced user. This user is typically called "db2fenc1". All installations must have an owner for the metadata repository database within the database management system. This account is typically called "xmeta."
3 of 23
4/12/2012 6:55 PM
IBM InfoSphere Information Analyzer installations must have an owner for the information analysis database within the database management system. This account is typically called "iauser." Table 3. Additional users Sample user Sample user name (Linux, name UNIX) (Windows) db2admin N/A N/A xmeta iauser dasusr1 db2inst1 db2fenc1 xmeta iauser
Description DB2 instance owner (only required if you are using DB2 to host the metadata repository database or analysis database) DB2 non-fenced instance user (only required if you are using DB2 to host the metadata repository database or analysis database) DB2 fenced user (only required if you are using DB2 to host the metadata repository database or analysis database) Metadata repository database owner Information analysis database owner
Related concepts Security role overview External user registry overview Related tasks Setting up a new non-root user for WebSphere Application Server (Linux, UNIX) Setting up operating system user accounts
4 of 23
4/12/2012 6:55 PM
Creating users in the IBM InfoSphere Information Server console

If the IBM InfoSphere Information Server internal user registry is used, you can create users as the first level of security. You must create a user for each person that needs to log in to InfoSphere Information Server.
Before you begin

You must have IBM InfoSphere Information Analyzer or InfoSphere Information Services Director installed. You must have Administrator authority.
Procedure
1. On the Home navigator menu, select Configuration > Users. 2. In the Tasks pane, click New User. 3. In the New User pane, specify information about the user. The User Name, Password, Confirm Password, First Name (Given Name), and Last Name (Family Name) fields are required. 4. In the Suite pane, specify the rights for the user. 5. In the Suite Component pane, select whether the user has any suite component roles. You must add at least one suite component role for each suite component that you want the user to access. For example, if you are creating a user that will access IBM InfoSphere Information Analyzer, you must assign the Information Analyzer Project Administrator, Data Administrator, or User role. 6. Optional: In the Groups pane, click Browse to add the user to a group. a. In the Add Groups window, select the group that you want to add the user to. b. Click Add. c. Click OK to close the window. 7. Click Save > Save and Close.
What to do next
After you create users, you can add the users to new or existing projects. Related concepts
5 of 23
4/12/2012 6:55 PM
IBM InfoSphere Business Glossary roles IBM InfoSphere DataStage and QualityStage roles IBM InfoSphere Information Analyzer roles IBM InfoSphere Information Services Director roles IBM InfoSphere FastTrack roles IBM InfoSphere Metadata Workbench roles Operational metadata roles Common data rule roles Related tasks Assigning users to a project and assigning roles
6 of 23
4/12/2012 6:55 PM
Creating groups in the IBM InfoSphere Information Server console

If the IBM InfoSphere Information Server internal user registry is used, you can create user groups and assign security settings and roles to the groups. All users that belong to a group automatically inherit the security settings and roles that are assigned to the group.
Before you begin

You must have IBM InfoSphere Information Analyzer or InfoSphere Information Services Director installed. You must have Administrator authority.
Procedure
1. On the Home navigator menu, select Configuration > Groups. 2. On the Groups workspace, click New Group on the Tasks pane. 3. Specify information about the group. The ID and the Group Name fields are required. 4. In the Suite pane, specify the rights for the group. 5. In the Suite Component pane, select whether the group has any suite component roles. You must add at least one suite component role for each suite component that you want the group of users to access. For example, if you are creating a group that will access IBM InfoSphere Information Analyzer, you must assign the Information Analyzer Project Administrator, Data Administrator, or User role. 6. Optional: In the Users pane, click Browse to add users to the group. a. In the Add Users window, select the user that you want to add to the group. b. Click Add. c. Click OK to close the window. 7. Click Save > Save and Close.
What to do next
After you create groups, you can add the groups to new or existing projects. Related concepts IBM InfoSphere Business Glossary roles
7 of 23
4/12/2012 6:55 PM
IBM InfoSphere DataStage and QualityStage roles IBM InfoSphere Information Analyzer roles IBM InfoSphere Information Services Director roles IBM InfoSphere FastTrack roles IBM InfoSphere Metadata Workbench roles Operational metadata roles Common data rule roles Related tasks Assigning groups to a project and specifying roles Adding users to a group in the IBM InfoSphere Information Server console
8 of 23
4/12/2012 6:55 PM
Adding users to a group in the IBM InfoSphere Information Server console

If the IBM InfoSphere Information Server internal user registry is used, you can add users to a group to quickly assign and reassign user roles.
Before you begin

You must have IBM InfoSphere Information Analyzer or InfoSphere Information Services Director installed.
Procedure
1. 2. 3. 4. 5. 6. 7. 8. On the Home navigator menu, select Configuration > Groups. In the Groups workspace, select a group. In the Task pane, click Open. In the Users pane, click Browse. In the Add Users window, select the users that you want to add to the group. Click Add. Click OK to save your choices and to close the Add Users window. Click Save > Save and Close to save the assignments.
Related tasks Creating groups in the IBM InfoSphere Information Server console
9 of 23
4/12/2012 6:55 PM
Creating users in the IBM InfoSphere Information Server Web console

If the IBM InfoSphere Information Server internal user registry is used, you can create users as the first level of security. You must create a user for each person that needs to log in to InfoSphere Information Server.
Before you begin

You must have suite administrator authority.
Procedure
1. 2. 3. 4. 5. 6. In the IBM InfoSphere Information Server Web console, click the Administration tab. In the Navigation pane, select Users and Groups > Users. In the Users pane, click New User. In the Create New User pane, provide information about the user. In the Roles pane, specify whether the user is an administrator and user of the suite or a user of the suite. In the Suite Component pane, select whether the user has any suite component roles. To log in to any of the product modules, a user must have the suite user role. Also add at least one suite component role for each suite component that you want the user to access. For example, if you are creating a user that will access IBM InfoSphere Information Analyzer, you must assign the suite user role, and also the Information Analyzer Project Administrator, Data Administrator, or User role. 7. Click Save and Close to save the user information in the metadata repository.
Related concepts InfoSphere Business Glossary roles InfoSphere DataStage and QualityStage roles InfoSphere Information Analyzer roles InfoSphere Information Services Director roles InfoSphere FastTrack roles InfoSphere Metadata Workbench roles Operational metadata roles
10 of 23
4/12/2012 6:55 PM
Creating groups in the IBM InfoSphere Information Server Web console

If the IBM InfoSphere Information Server internal user registry is used, you can create user groups and assign security settings and roles to the groups. All users that belong to a group automatically inherit the security settings and roles that are assigned to the group.
Before you begin

You must have suite administrator authority.
Procedure
1. In the IBM InfoSphere Information Server Web console, click the Administration tab. 2. In the Navigation pane, select Users and Groups > Groups. 3. In the Groups pane, click New Group. 4. In the Create New Group pane, provide information for the group. 5. Optional: In the Roles pane, specify whether the group has administrator and user privileges in the suite or user privileges in the suite. 6. Optional: In the Suite Component pane, select whether the group has any suite component roles. You must add at least one suite component role for each suite component that you want the users in the group to access. For example, if you are creating a group for users that are to access IBM InfoSphere Information Analyzer, you must assign the Information Analyzer Project Administrator, Data Administrator, or User role. 7. Assign users to the group. a. In the Users pane, click Browse. b. In the Search for Users window, type a name in the search fields and click Filter. To view all users, click Clear Filter. c. Select the users that you want to assign to the group. d. Click OK to save your choices and close the Search for Users window. 8. Click Save and Close to save the group. Related concepts InfoSphere Business Glossary roles
11 of 23
4/12/2012 6:55 PM
InfoSphere DataStage and QualityStage roles InfoSphere Information Analyzer roles InfoSphere Information Services Director roles InfoSphere FastTrack roles InfoSphere Metadata Workbench roles Operational metadata roles Related tasks Adding users to a group in the IBM InfoSphere Information Server Web console
12 of 23
4/12/2012 6:55 PM
Adding users to a group in the IBM InfoSphere Information Server Web console
If the IBM InfoSphere Information Server internal user registry is used, you can add users to a group to quickly assign and reassign user roles.
Procedure
1. In the IBM InfoSphere Information Server Web console, click the Administration tab. 2. In the Navigation pane, select Users and Groups > Groups. 3. In the Groups pane, select a group and click Open Group. 4. In the Users pane, click Browse. 5. In the Search for Users window, locate the users that you want to add to the group. Option To search for a user by name: To view all users: Description Type a name in the search fields and click Filter. Do not enter any text in the fields and click Clear Filter.
6. Select the users that you want to assign to the group. 7. Click OK to save your choices and close the Search for Users window. 8. Click Save and Close to save the assignments. Related tasks Creating groups in the IBM InfoSphere Information Server Web console
13 of 23
4/12/2012 6:55 PM
Permissions and groups configuration (Windows Server 2008)

After you install IBM InfoSphere Information Server on Microsoft Windows 2008 Server, you must perform an additional task to configure users.
About this task

Which task you use depends on whether Microsoft Windows Server 2008 is configured to be a domain controller. The first time that a user of an InfoSphere Information Server client, such as the IBM InfoSphere DataStage client or the IBM InfoSphere Information Server console, successfully logs in to the InfoSphere Information Server services tier, the server is added to the registeredservers.xml file. This file is located in the C:\IBM\InformationServer\ASBNode\eclipse\plugins\com.ibm.isf.client. directory by default. When logging in to the services tier for the first time, the operating system user on the client must have write permission to the registeredservers.xml file on the client so that in can be updated. If the user does not have the required permission, the login fails.
System administrators can limit access to specific InfoSphere Information Server services tiers from any client by removing the file system write permission to the registered-servers.xml file. The administrator, or anyone who has write permission, can log in ahead of time to each server that the client user will access. The administrator can then distribute the prepopulated registered-servers.xml file to the remaining clients in their network. To set or remove file system write permission, see Configuring write permission to the registeredservers.xml file. Configuring permissions and groups (Windows Server 2008) You must complete these tasks to configure users and groups to access to IBM InfoSphere Information Server. This configuration is required only for the engine tier computer. This configuration is only applicable to the users of the operating system where the engine tier components are installed. Configuring permissions and groups (Windows Server 2008 domain controller) If Microsoft Windows Server 2008 is a domain controller, you must complete these tasks to configure users and groups to access IBM InfoSphere Information Server. This configuration is required only for the engine tier computer and is only applicable to the users of the operating system where the engine tier components are installed. Configuring write permission to the registered-servers.xml file The first time that a given services tier is accessed from a given client system, the user that is currently logged into the operating system must have write permission to the registered-servers.xml file to allow the application to add the host name and port of the
14 of 23
4/12/2012 6:55 PM
client system to the file. Once the information is added, any subsequent login by any user by any InfoSphere Information Server application on the client system only requires read access to the file.
15 of 23
4/12/2012 6:55 PM
8.1. IBM InfoSphere Foundation Tools IBM InfoSphere Information Server, Version 8.7.0 Feedback
Configuring permissions and groups (Windows Server 2008)

You must complete these tasks to configure users and groups to access to IBM InfoSphere Information Server. This configuration is required only for the engine tier computer. This configuration is only applicable to the users of the operating system where the engine tier components are installed.
Procedure
1. Log in to Microsoft Windows Server 2008 as an administrator. 2. Create a group. a. Click Start > Control Panel > Administrative Tools > Computer Management. b. In the Computer Management window, expand System Tools > Local Users and Groups > Groups. c. Click Action > New Group. d. In the New Group window, type DataStage as the name for the group, click Create, and click Close. 3. Configure users and the DataStage group to log in. a. Click Start > Control Panel > Administrative Tools > Local Security Policy. b. In the Local Security Settings window, expand Local Policies > User Rights Assignment to display the policies. c. In the Local Security window, click the Allow log on Locally policy and click Actions > Properties. d. In the Allow log on Locally Properties window, click Add User or Group. e. In the Select Users or Groups window, click Locations, click the name of your local computer, and click OK. f. In the Select Users or Groups window, click Advanced and click Find Now. g. In the search results, select Authenticated Users and DataStage and click OK three times to save the results and to return to the Local Security window. h. In the Local Security window, click the Log on as a Batch Job policy and click Actions > Properties. i. In the Log on as a Batch Job window, click Add User or Group. j. In the Select Users or Groups window, click Locations, click the name of your local computer, and click OK. k. In the Select Users or Groups window, click Advanced, and then click Find Now. l. In the search results, select DataStage and click OK three times to save the results and to return to the Local Security window. m. Close the Local Security Policy window. 4. Add users to the group. a. From the Computer Management window, click Groups.
16 of 23
4/12/2012 6:55 PM
b. c. d. e. f. g. h. i. j. k.
Click the name of the group that you want to add users to (DataStage). Click Action > Add to Group. In the User Properties window, click Add. In the Select Users or Groups window, click Location. Click the name of your local computer, and then click OK. In the Select Users window, click Advanced. In the window that opens, click Find Now. Click the names of users that you want to include in the group, and click OK. At a minimum, include all authenticated users. Click OK three times to return to the Computer Management window. Close the Computer Management window.
5. Set permissions for the following folders:

C:\IBM\InformationServer\Server C:\Program Files\MKS Toolkit\fifos C:\Windows\%TEMP% C:\tmp
Complete the following steps for each of the listed folders. a. b. c. d. e. f. g. h. i. j. k. Select the folder and click File > Properties. In the Properties window, click the Security tab, and click Edit. In the Permissions window, click Add. In the Select Users or Groups window, click Locations. Click the name of the local computer, and click OK. In the Select Users or Groups window, click Advanced. In the window that opens, click Find Now. Click the name of the group that you want to set permissions for (DataStage). Click OK twice. In the Permissions list, select to allow Modify, Read & execute, List folder contents, Read, and Write Permissions. Click OK. If you receive a message that asks you to confirm the changes, click Apply changes to this folder, subfolders and files.
Parent topic: Permissions and groups configuration (Windows Server 2008) Related tasks Configuring write permission to the registered-servers.xml file
17 of 23
4/12/2012 6:55 PM
18 of 23
4/12/2012 6:55 PM
Configuring permissions and groups (Windows Server 2008 domain controller)

If Microsoft Windows Server 2008 is a domain controller, you must complete these tasks to configure users and groups to access IBM InfoSphere Information Server. This configuration is required only for the engine tier computer and is only applicable to the users of the operating system where the engine tier components are installed.
Procedure
Because you cannot add the built-in authenticated users group to a group that you create in steps 3 and 2, you might prefer to skip steps 3 and 2 and use the authenticated users group directly. 1. Log in to Microsoft Windows Server 2008 as an administrator. 2. Create a group. a. Click Start > Control Panel > Administrative Tools > Active Directory and Computers. b. In the Active Directory and Computers window, click Users in the current domain. c. In the window that opens, click Action > New Group. d. In the New Group window, type DataStage as the name for the group. e. Leave Group scope as Global and Group type as Security. f. Click OK 3. Configure the server to allow local users and the DataStage group to log in. a. Click Start > Control Panel > Administrative Tools > Domain Security Policy. b. In the Domain Security Policy window, expand Local Policies > User Rights Assignment to display the policies. c. In the Domain Security window, click the Allow log on Locally policy, and click Actions > Properties. d. In the Allow log on Locally Properties window, click Add User or Group. e. Click Browse. f. In the Select Users, Computers, or Groups window, click Advanced and then click Find Now. g. In the search results, click Authenticated Users and DataStage, and then click OK three times to return to the Domain Security Policy window. h. In the Domain Security window, click the Log on as a Batch Job policy, and click Actions > Properties. i. In the Log on as a Batch Job window, click Add User or Group. j. Click Browse. k. In the Select Users, Computers, or Groups window, click Advanced and then click Find Now.
19 of 23
4/12/2012 6:55 PM
l. In the search results, click DataStage and click OK three times to return to the Domain Security Policy window. m. Close the Domain Security Policy window. 4. Add users to the group. a. In the Users in the current domain window, click the name of the group that you want to add users to (DataStage), and click OK. Authenticated users are not available. b. Click Action > Properties. c. In the Properties window, click the Members tab, and then click Add. d. In the window that opens, click Advanced, and then click Find Now. e. Click the names of users that you want to add to the group, and then click OK. Authenticated users are not available. f. Click OK two times to save your results and to return to the Active Directory and Computers window. g. Close the Active Directory and Computers window. 5. Set permissions for the following folders:
C:\IBM\InformationServer\Server C:\Program Files\MKS Toolkit\fifos C:\Windows\%TEMP% C:\tmp
Complete the following steps for each of the listed folders. a. b. c. d. e. f. g. h. i. Select the folder and click File > Properties. In the Properties window, click the Security tab, and click Edit. In the Permissions window, click Add. In the Select Users, Computers, or Groups window, click Locations. In the window that opens, click Advanced, and then click Find Now. Click the name of the group that you want to set permissions for (DataStage). Click OK twice. In the Permissions list, select to allow Modify, Read & execute, List folder contents, Read, and Write Permissions. Click OK. If you receive a message to confirm your changes, confirm by clicking Apply changes to this folder, subfolders and files.
Parent topic: Permissions and groups configuration (Windows Server 2008) Related tasks Configuring write permission to the registered-servers.xml file
Release date: 2011-10-01
20 of 23
4/12/2012 6:55 PM
PDF version of this information: IBM InfoSphere Information Server Administration Guide
21 of 23
4/12/2012 6:55 PM
Configuring write permission to the registered-servers.xml file

The first time that a given services tier is accessed from a given client system, the user that is currently logged into the operating system must have write permission to the registered-servers.xml file to allow the application to add the host name and port of the client system to the file. Once the information is added, any subsequent login by any user by any InfoSphere Information Server application on the client system only requires read access to the file.
About this task

When an InfoSphere Information Server client application logs into a services tier for the first time, the application adds the services tier host name and port to the local registered-servers.xml file. This file contains the list of services tiers to be displayed as choices for subsequent client logins. Be default, administrators have write permission to the registered-servers.xml file. Write permission for the Users group must also be added for the application to access the file.
Procedure
To give the Users group write permission to the file: Windows XP 1. In Microsoft Windows Explorer, locate the registered-servers.xml file. By default, this file is located in the following directory:
C:\IBM\InformationServer\ASBNode\eclipse\plugins\com.ibm.isf.client
2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Right-click the file and select Properties In the Properties window, click the Security tab. Click Add. In the Select Users or Groups window, click Locations. Select the name of your local computer and click OK. In the Select Users or Groups window, click Advanced. Click Find Now and select the Users group. Click OK twice. With the Users group selected, click Allow for the Write permission, and click OK. If you receive a message to confirm your changes, confirm by clicking Apply changes to this folder, subfolders and files.
Windows 2008 and Windows 7
22 of 23
4/12/2012 6:55 PM
1. In Microsoft Windows Explorer, locate the registered-servers.xml file. By default, this file is located in the following directory:
C:\IBM\InformationServer\ASBNode\eclipse\plugins\com.ibm.isf.client
2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.
Right-click the file and select Properties In the Properties window, click the Security tab. Click Edit. In the Permissions window, click Add. In the Select window, click Locations. Select the name of your local computer and click OK. In the Select window, click Advanced. Click Find Now and select the Users group. Click OK twice. With the Users group selected, click Allow for the Write permission, and click OK. If you receive a message to confirm your changes, confirm by clicking Apply changes to this folder, subfolders and files.
Parent topic: Permissions and groups configuration (Windows Server 2008) Related tasks Configuring permissions and groups (Windows Server 2008) Configuring permissions and groups (Windows Server 2008 domain controller)
23 of 23
4/12/2012 6:55 PM

Creating Users and Groups

Uploaded by

Copyright:

Available Formats

Creating Users and Groups

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Creating Users and Groups

Uploaded by

Copyright:

Available Formats

Creating users and groups