User Access

User access to workspaces

IBM® AD workspaces that are created in IBM AD Configuration Server contain IBM AD projects. When a workspace is created in IBM AD Configuration Server, by default, it is public. Configuring user access to workspaces can restrict user access to projects from IBM AD Analyze Client and IBM AD Build Client. To configure the user access to this workspace, add the credentials of only the users who must have access to its projects. User names are case-sensitive in IBM AD Configuration Server.
Note: IBM AD workspaces are defined within an environment in IBM AD Configuration Server. For any given environment, the workspace set as the default is the workspace where projects are published automatically at build time. Only one IBM AD workspace at a time can be set to be the default for a given environment.

For more information about user access to workspaces, see Managing workspaces' access rights.

Windows service access and User access to folders

The following table shows the required access to folders by different IBM AD server and client components. The access type of write, where specified, implies being able to also delete and create files.

By default on WindowsWindows, IBM AD server components, which run as Windows services, are configured to run using the credentials of the Windows Local System account ID of the machine on which they are installed. If any folder locations that are defined in your environment and listed in the following table as requiring access by a server component are not accessible to the IBM AD server's Local System account ID, you can go to the Properties dialog box of one or more of the IBM AD server services, and then configure the services to run using the credentials of a different ID that does have appropriate access to the necessary folder locations. Additionally, when using such a non-default service ID to run IBM AD services, on the server machine, the service ID must be granted the Log on as a batch job and Log on as a service local rights.

For IBM AD Analyze Client and IBM AD Build Client, grant access to the logged on Windows user that is running the component.

Important: When configuring and using IBM AD components, not only the folder locations, but also the format or nomenclature of how those folder locations are written is important. In most situations, the format of how a folder's location is specified in IBM AD Build Client when creating and updating a project is the same format that is used by other components when trying to access that project folder and the folders and files within it. Similarly, when using z/OS® connections and retrieving source assets from a z/OS system by using IBM AD Connect for Mainframe, the format of how the path for the retrieved members is specified in the IBM AD configuration process is used when components access source code and other assets that have been retrieved from z/OS.
Component Folder Required access Note
IBM AD Analyze Client IBM AD Analyze Client user's Eclipse installation folders Read and write  
IBM AD Analyze Client user's Eclipse workspace folders Read and write  
IBM AD Build Client Project folders Read and write  
Configuration folders for z/OS connections Read and write  
Source code folders Read and write  
IBM AD Batch Server The Indexes folder Read and write  
IBM AD Batch Server Batch Server installation folder Read and write  
Project and source folders Read and write  
IBM AD File Service The source file folders that are specified through local parameters in conf.yaml Read  
IBM AD Manual Resolutions Service The folder of journal files that is specified in conf.yaml Read and write  
IBM AD Search Service The folder of index files that is specified in conf.yaml Read