Managing IBM Business Process Manager users, groups, and teams
IBM® Business Process Manager uses the WebSphere® Application Server file registry, which you can use to create and maintain IBM BPM users and groups as outlined in the following sections.
You can also use the WebSphere Application Server file registry with an external security provider (such as LDAP with Microsoft Active Directory) that you registered with the IBM BPM embedded application server.
The WebSphere Application Server file registry includes several default users and groups.
When you use the WebSphere Application Server file registry with an external provider, the users, and groups from both providers are available for selection from IBM BPM Standard components.
Teams are used to define groups of users who can perform tasks. A team can be either defined as a static list of users and groups, or it can be defined dynamically by a team retrieval service. You can assign a team of managers to each team to define which people in the organization can perform managerial actions for the team.
| Task | Interface | To learn more |
|---|---|---|
| Granting access to the repository | Process Center Console | See Managing access to the Process Center repository. |
| Binding users to teams during process development | Designer in Process Designer | See Creating a team. |
| Defining who has managerial authority over a team | Designer in Process Designer | See Defining team managers. |
| Using services to define dynamic teams | Designer in Process Designer | See Using services to define dynamic teams. |
| Assigning an activity to a team | Designer in Process Designer | See Assigning activities. |
| Adding users and groups from an external provider to IBM BPM security groups | Process Admin Console | See Creating and managing groups. |
| Modifying existing teams at run time | Process Admin Console | See Configuring runtime teams. |
IBM BPM does
not lock user accounts after a configurable number of failed authentication
attempts. Note that end user accounts are managed in a user repository
(typically LDAP connected to Federated Repositories). IBM BPM is
just one of many client systems to the user repository. The user repository
is the system of records for the user accounts and therefore has to
define rules such as password lock policy. For IBM Tivoli Directory
Server, you can read more about password policies at 
http://www.ibm.com/developerworks/tivoli/library/t-tdspp-ect/ If
you are using the IBM BPM Internal
Security Provider, there is no policy for locking users after a number
of failed authentication attempts.