An account that Content Platform Engine uses to establish a connection with the application server, access the application server's JNDI tree, look up the data sources for accessing the GCD, and start up Content Platform Engine background tasks.
Content Platform Engine uses this account to authenticate to the application server and access the data sources named in the GCDConnection property. Content Platform Engine will not be able to start if this user is not able to authenticate.
In keeping with the principle of granting to an account only those permissions necessary to accomplish its purpose, do not use the cpe_bootstrap_admin account to serve in the role of gcd_admin. This can happen if you log in as cpe_bootstrap_admin the first time you start IBM® Administration Console for Content Platform Engine following initial installation. Doing this places cpe_bootstrap_admin on the security tab of the FileNet P8 domain object with Full Control access rights. The result is that the cpe_bootstrap_admin is functioning as the gcd_admin. This is not a recommended configuration. If it is your configuration, consider using IBM Administration Console for Content Platform Engine to add a new gcd_admin account to the security of the FileNet P8 domain object, making sure to grant Full Control to the P8 domain, and then removing the cpe_bootstrap_admin from the security tab of the P8 domain.
To make sure it is not misused or locked out by accident, do not use cpe_bootstrap_admin as an all-purpose account. For example, if a user tried to log on to some other application using the cpe_bootstrap_admin account and provided the wrong password several times, thereby exceeding the number of allowable login failures, this account could be locked out of the directory server, depending on your local policies. This would mean that Content Platform Engine would not start.
If possible, exempt cpe_bootstrap_admin from policies requiring periodic password change.
If you change your system's login parameters so that the cpe_bootstrap_admin credentials are no longer valid, the result would be that Content Platform Engine will not be able to start. For example, if you modified the User Short Name Attribute or User Search Filter, in the application server's authentication provider and in the IBM Administration Console for Content Platform Engine P8 Domain Properties > Modify Directory Configuration > User property sheet, from samAccountName to distinguishedName, you would also need to use the Configuration Manager bootstrap task to make the same change in the Content Platform Engine EAR file.