Administrative services

Security services

Security services support role-based authorization of users, access-control services, and encryption that complies with many privacy and security regulations. As Figure 1 shows, the console helps administrators add users, groups, and roles and lets administrators browse, create, delete, and update operations within InfoSphere Information Server.

Directory services act as a central authority that can authenticate resources and manage identities and relationships among identities. You can base directories on the InfoSphere Information Server internal directory, on external directories that are based on LDAP and Microsoft Active Directory, or Microsoft Windows and UNIX local operating systems.

Users use only one credential to access all the components of InfoSphere Information Server.

InfoSphere Information Server creates an audit trail of security-related events. This includes all activities that set or modify security-related settings and all user authentications and application logins. You can configure which audit events to log and how much information to include based on your auditing requirements. Security auditing trails assist in the detection of access to controlled information and application usage. Monitoring and analysis of the logged audit information can lead to improvements in the control of data access and helps to prevent malicious or careless unauthorized access to sensitive data or configuration settings. The monitoring of application and individual user access, including system administration actions, provides an historic record of activity. This information allows you to adjust user or group security roles to enable or prevent access to application features. This information can also assist in showing compliance with corporate security policies.

Auditing services create an audit trail of security-related events by logging the execution of the following types of activities:

• Creation and removal of users and groups
• Assignment or removal of a user from a group
• User password changes
• Changes to security roles assigned to users or groups
• Changes to user and group permissions on a project and the associated project-level security roles that are assigned
• Changes to engine credential mapping
• User login
• User logout
• Session termination
• Session timeout
• Changes to audit logging configuration settings

The creation and removal of users and groups, assignment or removal of a user from a group, and user password changes can be logged only if the User Registry Configuration is set to InfoSphere Information Server User Registry. This registry is also known as the InfoSphere Information Server internal user registry.

You can configure the location, size, name, and number of audit log files, as well as the events to log.

Log services

Log services help you manage logs across all of the InfoSphere Information Server suite components. The Web console provides a central place to view logs and resolve problems. Logs are stored in the common repository, and each InfoSphere Information Server suite component defines relevant logging categories.

You can configure which categories of logging messages are saved in the repository. Log views are saved queries that an administrator can create to help with common tasks. For example, you might want to display all of the IBM InfoSphere Information Services Director error events that were logged in the last 24 hours.

Figure 2 shows where logging reports can be configured in the IBM InfoSphere Information Server Web console. Logging is organized by server components. The Web console displays default and active configurations for each component.

Scheduling services

Scheduling services help plan and track activities such as logging and reporting and suite component tasks such as data monitoring and trending. Schedules are maintained by using the IBM InfoSphere Information Server console, which helps you define schedules; view their status, history, and forecast; and purge them from the system.