Information Management IBM InfoSphere Master Data Management, Version 11.3

Managing users

A set of tools available with IBM® InfoSphere® MDM allow you to manage users and secure your applications.

InfoSphere MDM installs an operational server within the application server. The current version of InfoSphere MDM requires that administrative security and application security are enabled for the application server. In prior versions of the product (for example, InfoSphere MDM Server version 10.1), you could choose to run without application server security turned on; that option is no longer available.

In contrast with application server security, business transaction access control within the operational server is off by default for both the Standard Edition and the Advanced Edition of InfoSphere MDM. You can enable it by changing the /IBM/DWLCommonServices/Security/enabled setting using the Configuration and Management components.

To create and populate user groups, use the IBM WebSphere® Application Server administrative console or your LDAP interface.

In addition to the managing users by setting business transaction access control and by managing user groups, you can configure a setting called TrustedClientMode: /IBM/DWLCommonServices/Security/TrustedClientMode/enabled.

By default, the value is false, which indicates that the InfoSphere MDM operational server processes a requested transaction using the identity of the user who calls the service (for example, the user who is authenticated by the container). If you set the value to true, the operational server processes the requested service using the identity that is specified in the requesterName property of the DWLControl. The parameter is provided to enable backward compatibility because, prior to InfoSphere MDM version 11.0, the user name set in the requesterName property of the DWLControl was always used. In other words, if the value is true, the operational server does not retrieve the user group information; instead, it trusts the client to put the roles into any message requests.

Note that if your implementation uses the virtual MDM, the value for /IBM/DWLCommonServices/Security/TrustedClientMode/enabled must be false.

Use the Configuration and Management components to edit the value.

  1. Enabling user security for the operational server
    User security for the operational server is disabled by default for both the Standard Edition and the Advanced Edition of InfoSphere MDM. You can enable it by changing the /IBM/DWLCommonServices/Security/enabled setting.
  2. Configuring users and user groups for virtual MDM
    For users of the Advanced Edition of IBM InfoSphere MDM, if you have enabled user security for the operational server and if you are using both the virtual MDM and physical MDM, you must take steps to configure security for users and user groups on the virtual MDM.
Related concepts:
Managing user groups and transactions with the Administration application
User accounts and groups created by the installer
Default user accounts
Setting and administering the security service

Last updated: 27 June 2014