In addition to the WebSphere business integration administrator account with which you log in to administer the system, an InterChange Server environment requires three types of authorization:
Figure 18 illustrates the login requirements.
Figure 18. InterChange Server authorization requirements
The next sections describe each type of authorization that is shown in Figure 18.
When role-based access control (RBAC) is active, an application client program such as an adapter must supply a user name and password in order to interact with the application. To set up an InterChange Server environment, you need application accounts for all IIOP and MQ adapters that you want to run. By default, all such adapters have an application account with user name guest and password guest. If RBAC is inactive, the login accounts for all adapters are unused. In the current version of the server, authentication is supported only for IIOP and MQ adapters; other types of adapters do not require login verification regardless of the RBAC status.
When you configure an adapter, you specify the application account name and password as values for the standard adapter properties, ApplicationUserName and ApplicationPassword. For more information about configuring an adapter, see the System Administration Guide.
A password protects each InterChange Server from unauthorized access only if RBAC is on. When RBAC is on, the password is required:
There is no default login account and you must create an account with a password prior to first accessing the InterChange Server.
Figure 19 illustrates the InterChange Server password.
Figure 19. InterChange Server password
For information on how to use System Manager to change the password, see the Implementation Guide for WebSphere InterChange Server.
In the UNIX environment with RBAC turned on, you must provide the ICS password for all tool scripts, including repos_copy and connector_manager_connector. Include the -ppassword option in these scripts. The script command line must contain the ICS password or the associated tool cannot start. When RBAC is switched off, any login information is ignored, so the same script can be used regardless of RBAC status.
When you set up an InterChange Server account in the Database Management System (the DBMS access account), you can use the default user name and password or change them to other values.
If you prefer to change the user name and password, enter the new values in the InterChange Server configuration file, InterchangeSystem.cfg. The TRANSACTIONS, REPOSITORY, EVENT_MANAGEMENT, FLOW_MONITORING, and SECURITY sections of the InterchangeSystem.cfg file can contain a USER_NAME and PASSWORD parameter.
Be sure that the account that you specify in the InterchangeSystem.cfg file matches an account that is defined in the DBMS.
If InterChange Server is using one data source, fill in the same user name and password for all five services.
The following is an InterchangeSystem.cfg file fragment that shows the user name interchange and the password server:
DB2

```
[REPOSITORY]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server

[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server

[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server

[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server

[SECURITY]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
```
Oracle

```
[REPOSITORY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server

[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server

[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server

[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server

[SECURITY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server
```
If you partition InterChange Server's database, as described under "Partitioning database use", you must add the user name and account for each data source to the InterchangeSystem.cfg file. You can use the same user name and password for all services or create a separate account for each service. The account must have the privilege to create tables.
The following example is an InterchangeSystem.cfg file fragment. In this environment, each service uses a different data source and has a different user name and password:
DB2

```
[REPOSITORY]
DATA_SOURCE_NAME = jdbc:db2:ReposDB
USER_NAME = cwrepos
PASSWORD = passwrd1

[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:db2:EventsDB
USER_NAME = CWevent
PASSWORD = passwrd2

[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:db2:TransDB
USER_NAME = CWtrans
PASSWORD = passwrd3

[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:db2:FlowDB
USER_NAME = CWflow
PASSWORD = passwrd4

[SECURITY]
DATA_SOURCE_NAME = jdbc:db2:SecuDB
USER_NAME = CWSecu
PASSWORD = passwrd5
```
Oracle

```
[REPOSITORY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=ReposDB
USER_NAME = cwrepos
PASSWORD = passwrd1

[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;sid=EventsDB
USER_NAME = CWevent
PASSWORD = passwrd2

[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=TransDB
USER_NAME = CWtrans
PASSWORD = passwrd3

[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=FlowDB
USER_NAME = CWflow
PASSWORD = passwrd4

[SECURITY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=SecuDB
USER_NAME = CWsecu
PASSWORD = passwrd5
```
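The account rules above (the same user name and password for every service on one data source, and an account entry per service when the database is partitioned) can be checked mechanically. The following is an added example, not IBM code: the names `parse_cfg` and `audit` are hypothetical, it assumes the file uses the `[SECTION]` / `NAME = value` layout of the fragments shown here, and the file-mode check is an added hardening assumption based on the passwords appearing in cleartext in those fragments.

```python
import stat
from collections import defaultdict

# The five services the page lists as able to carry USER_NAME and PASSWORD.
SERVICES = ("REPOSITORY", "EVENT_MANAGEMENT", "TRANSACTIONS",
            "FLOW_MONITORING", "SECURITY")

# Constructed sample, not from a real system; it deliberately breaks the rules.
SAMPLE = """\
[REPOSITORY]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = CWtrans
PASSWORD = passwrd3
[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:db2:FlowDB
"""

def parse_cfg(text):
    """Parse [SECTION] and NAME = value lines into {section: {name: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)  # values may contain '=' (;SID=...)
            current[name.strip()] = value.strip()
    return sections

def audit(text, mode=None):
    """Return findings for sections present; passwords are never echoed."""
    cfg, findings, by_source = parse_cfg(text), [], defaultdict(set)
    for svc in [s for s in SERVICES if s in cfg]:
        p = cfg[svc]
        if not (p.get("USER_NAME") and p.get("PASSWORD")):
            findings.append(f"{svc}: USER_NAME/PASSWORD not set in this section")
        by_source[p.get("DATA_SOURCE_NAME")].add((p.get("USER_NAME"), p.get("PASSWORD")))
    for src, creds in by_source.items():
        if src and len(creds) > 1:
            findings.append(f"{src}: services on this data source use different accounts")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file holds cleartext passwords but is accessible to group/other")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, mode=0o644)))
```

To audit a real file, pass its contents as `text` and `os.stat(path).st_mode` as `mode`.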