Use the Security tab to configure the Process Engine security connection and to set the region password.
Process Engine relies on a Content Engine server for authentication and directory service access (for example, performing queries for user and group information). Configuring the Process Engine security connection involves specifying a Content Engine server for this purpose.
You must configure or update Process Engine security after:
For information about how security accounts are documented using display names and variable designators, see Users and groups required by FileNet P8 Platform.
To configure Process Engine security
Content Engine URI | The URI (Uniform Resource Identifier) identifying a Content Engine server in the FileNet P8 domain. |
Service username pe_service_user |
A valid user name. Process Engine uses pe_service_user when connecting to the Content Engine server. This user must:
TIP For detailed instructions on changing the Service Username when security has already been configured, see below. |
Service username password |
The password of pe_service_user. Empty or null passwords are not allowed. NOTE You must re-enter the password each time you make changes to the security configuration. If the pe_service_user password changes after you have configured security, Process Engine on each server will fail. If this occurs, update the password and restart all servers in the Process Engine system. |
Administrator group pe_admin_group |
A valid group name. Members of pe_admin_group automatically have administrative privileges for Process Engine. TIP For detailed instructions on changing the Administrator Group (pe_admin_group) when security has already been configured, see below. |
Configuration group pe_config_group |
(Optional) A valid group name. Members of pe_config_group automatically have configuration privileges for the Process Engine workflow database. If a group name is entered, members of pe_config_group or the Process Engine Administrator Group (pe_admin_group) can make configuration changes to the workflow database. If this is left blank, anyone can make these changes. |
Debug | Indicates whether debugging information is provided. Do not turn on debugging unless you are directed to do so by your service representative. |
To change the service user or administrator group when Process Engine security has already been configured
The group membership requirements on the user assigned to the Service Username can make changing the service user and Process Engine Administrator Group at the same time seem complicated. The important thing to remember is to not delete the existing user or group from your directory service until the change is complete.
Use the example below to help you coordinate the necessary changes. Use a similar procedure if you are simply changing or moving the administrative group without changing the service user.
Service user | Administrative group | |
---|---|---|
Current | Administrator | Domain Admins |
New | PEAdmin | PEAdministrators |
Each isolated region has a password associated with it. The password ensures that requests received by the Process Engine server are legitimate. The password you enter here must match the password entered when creating an isolated region object using Enterprise Manager.
To set a password for an isolated region
TIP Use the vwtool regions command to view the regions that exist in the workflow database.