Use the Security tab to configure the Process Engine (PE) security connection and to set the region password.
PE relies on a Content Engine (CE) server for authentication and directory service access (for example, performing queries for user and group information). Configuring the PE security connection involves specifying a CE server for this purpose.
You must configure or update PE security after:
For information about how security accounts are documented using display names and variable designators, see Users and groups required by FileNet P8 Platform.
To configure PE security
Content Engine URI | The URI (Uniform Resource Identifier) identifying a CE server in the FileNet P8 domain. |
Service username pe_service_user |
A valid user name. PE uses pe_service_user when connecting to the CE server. This user must:
TIP For detailed instructions on changing the Service Username when security has already been configured, see below. |
Service username password |
The password of pe_service_user. Empty or null passwords are not allowed. NOTE You must re-enter the password each time you make changes to the security configuration. If the pe_service_user password changes after you have configured security, PE on each server will fail. If this occurs, update the password and restart all servers in the PE system. |
Administrator group pe_admin_group |
A valid group name. Members of pe_admin_group automatically have administrative privileges for PE. TIP For detailed instructions on changing the Administrator Group (pe_admin_group) when security has already been configured, see below. |
Configuration group pe_config_group |
(Optional) A valid group name. Members of pe_config_group automatically have configuration privileges for the PE workflow database. If a group name is entered, members of pe_config_group or the Process Engine Administrator Group (pe_admin_group) can make configuration changes to the workflow database. If this is left blank, anyone can make these changes. |
Debug | Indicates whether debugging information is provided. Do not turn on debugging unless you are directed to do so by your service representative. |
To change the service user or administrator group when PE security has already been configured
The group membership requirements on the user assigned to the Service Username can make changing the service user and Process Engine Administrator Group at the same time seem complicated. The important thing to remember is to not delete the existing user or group from your directory service until the change is complete.
Use the example below to help you coordinate the necessary changes. Use a similar procedure if you are simply changing or moving the administrative group without changing the service user.
Service user | Administrative group | |
---|---|---|
Current | Administrator | Domain Admins |
New | PEAdmin | PEAdministrators |
Each isolated region has a password associated with it. The password ensures that requests received by the PE server are legitimate. The password you enter here must match the password entered when creating an isolated region object using Enterprise Manager.
To set a password for an isolated region
TIP Use the vwtool regions command to view the regions that exist in the workflow database.