For users of the Advanced Edition of IBM® InfoSphere® MDM, if you have enabled user security for the operational server and if you are using both the virtual MDM and physical MDM, you must take steps to configure security for users and user groups on the virtual MDM.
It is important to recognize that in certain respects the user management for physical MDM is distinct from user management for virtual MDM. For the operational server and all client applications to function smoothly, the application server must be aware of all of the users and user groups within both the physical MDM and the virtual MDM. You do not need to do additional configuration to enable the default users and user groups for physical MDM, but for the virtual MDM users and user groups, additional configuration is required.
mdm_admin - Administrative role that is equivalent to a super user.
mdm_default - Allows user access to the application server container without granting them specific permissions.
mdm_all_ops - Allows user access to all MDM application operations.
mdm_all_cvws - Allows user access to all composite views.
mdm_all_ixns - Allows user access to all MDM interactions.
mdm_all_segs_rw - Allows read and write access to all segments.
mdm_all_segs_ro - Allows read only access to all segments.
If a client application attempts to connect to the operational server using user credentials that have not been added to the necessary user group, the operational server returns an EPERM error that indicates a problem with permissions. The EPERM errors are not written to log files for the API. Instead, ensure that your application handles the error and informs the user.