Security in a Windows domain environment

An example that uses a Windows domain group topology to run IBM® App Connect Enterprise in a Windows domain environment.

1. Design your authorization group categories, and define domain groups on the domain controller system that correspond to these authorization categories, by using Windows security.
   For example, suppose that you have a single domain that contains three distinct sets of systems, which are used in development, testing, and production. Within your organization, various user roles require different levels of authorization to IBM App Connect Enterprise resources on those systems.

   Here is an example of how those authorization categories might map to domain groups:

   Domain group	Description
   ADM-MBprd	IBM App Connect Enterprise administrator authorities on production systems
   ADM-MBuat	IBM App Connect Enterprise administrator authorities on test systems
   ADM-MBdev	IBM App Connect Enterprise administrator authorities on development systems

2. Define and configure domain user accounts on the domain controller, by using Windows security.
   Add each domain user account to one or more domain groups to configure the access for that account. For example:

   Table 1.

   Domain user account	Role	Domain group membership
   MBadmPRD	IBM App Connect Enterprise administrator for production systems	ADM-MBprd
   MBadmUAT	IBM App Connect Enterprise administrator for test systems	ADM-MBuat
   MBadmDEV	IBM App Connect Enterprise administrator for development systems	ADM-MBdev
   john.smith	IBM App Connect Enterprise administrator for test and development systems	ADM-MBuat, ADM-MBdev

3. Install and configure IBM App Connect Enterprise on domain workstations.
   1. Install IBM App Connect Enterprise on the workstation.
   2. Add your domain groups to the local mqbrkrs group as appropriate.
      In this example, if a particular workstation is to serve as a development system, add the domain group ADM-MBdev to the local mqbrkrs group.