Planning users
Many types of users are involved in planning, installing, customizing, and configuring Financial Transaction Manager. For maximum security, limit the access rights of users so that they can access only those system resources that are needed to do the activities to which they were assigned.
To restrict access to resources used by Financial Transaction Manager, such as files, database tables, and IBM® MQ resources, you must set up user groups.
The recommended user groups are shown in the following table.
User | Description | Authorization |
---|---|---|
Installer | This user does the following tasks. | User ID: root |
Db2® administrator | This user configures and maintains Db2 resources, including those resources that are needed by FTM, and carries out the following tasks: | This user requires the following authorization on the runtime system on which the database is located. |
Db2 fenced user | This user runs the scripts that are generated to load and update the FSM, configuration, and operational data in the FTM database. | For more information about the authorization details, see the Script load (application installation) operational component information in FTM Database permissions. |
IBM MQ administrator | This user configures and maintains IBM MQ queues and queue managers, including those queues and queue managers that are needed by FTM. | This user requires the following authorization on the runtime systems. The If queue manager security is activated, this user must have the right to define queues and channels. |
IBM App Connect Enterprise administrator | This user configures the integration nodes that are used by FTM. | This user requires the following authorization on the runtime systems. The |
WebSphere® Application Server administrator | This user authorizes the installation of the FTM OAC enterprise application, and uses the administrative console to: | This user must be part of the configured external user registry (for example, LDAP) of the WebSphere Application Server environment and have the administration and security roles in the WebSphere Application Server environment. This user does not need to be defined in the local operating system. |
DB data accessor for FTM Runtime (Integration node) | This user authenticates the JDBC and ODBC connections between an FTM integration node application and the runtime database. | For more information about the authorization details, see FTM Database permissions. |
DB data accessor for FTM OAC (WebSphere Application Server) | In the application server authentication alias for JDBC data sources, this user authenticates the connection between the FTM OAC enterprise application on WebSphere Application Server and the runtime database. | For more information about the authorization details, see FTM Database permissions. |
Usage report user | This user runs the usage report tool. | For more information about the authorization details, see Table 14 in FTM Database permissions. |