Access control
Access control involves authentication and authorization.
The following list shows the different middleware and Financial Transaction Manager components that have security
information that is related to the access control security category.
- Operations and Administration Console (OAC)
- The OAC can be used to define and manage roles and users in Financial Transaction Manager.
- Database
- The FTM database contains configuration, financial, and log information. Ensure that access is limited only to users that are authorized to work with this information.
- File system
- Depending on your workflow, the file system might contain configuration, financial, and log information. Also, the log files for middleware components such as IBM® MQ, IBM App Connect Enterprise, and WebSphere® Application Server, might contain personally identifiable (PI) data. Ensure that access to specific files and directories is limited only to users that are authorized to work with the information.
- WebSphere Application Server
- The reference implementation uses the WebSphere Application Server internal federated repository to manage users, but other repositories can be used. You can also use single sign-on in WebSphere Application Server for authentication.