User accounts, groups, and defaults used by the installation application

When InfoSphere® MDM is installed, default users and user groups are created on the application server.

Users (stand-alone with Db2 installations only)

The following table lists the default user accounts and passwords created by the installation application during a stand-alone with DB2® installation. During a custom installation, you can define whatever user name and password values you would like.
Table 1. InfoSphere MDM user accounts
User name Password Description
mdmins11 mdmins11 If you perform a stand-alone installation on a Linux or UNIX operating system, this user name and password combination is created for your IBM® Db2 database.
Important: For security purposes, if you use the default mdmadmin password, you are encouraged to change the user password after installation.
db2admin db3Admin If you perform a stand-alone installation on a Microsoft Windows operating system, this user name and password combination is created for your IBM Db2 database.
Important: For security purposes, if you use the default db2admin password, you are encouraged to change the database password after installation.

Before you begin a custom installation of InfoSphere MDM, create a IBM WebSphere® Application Server profile with security enabled. The user name and password can be anything that you want.

Groups

The following table lists the groups and roles that are created by the installation application. You can add users to these groups through the IBM WebSphere Application Server Integrated Solutions Console (admin console).

Table 2. InfoSphere MDM user groups
InfoSphere MDM group Description
mdm_admin The Administrative role is equivalent to a super user. This group has full access to all interactions, operations, composite views, and attributes (segments).

The mdm_admin group is preconfigured to have full access to the MDM Workbench to import and deploy hub configurations, run Analytics reports, set user group permissions, and execute jobs on the hub.

mdm_default This role allows user access to the application server container without granting any user-specific permissions. The Default group has access to interactions USRGETINFO, GRPGETINFO, USRSETPASS and has read only access to segments USRHEAD, GRPHEAD, GRPXAPP, GRPXCVW, GRPXIXN, and GRPXSEG. This group is assigned to a user when they log in and if not currently a member of any other defined group. This group cannot be granted permissions through the MDM Workbench configuration editor. This group cannot be configured in the MDM Workbench.
mdm_all_ops This role allows user access to all InfoSphere MDM operations that are specific to an application, such as running certain administrative functions specific to the MDM Inspector application or enabling group members to access Web Reports.
mdm_all_cvws This role allows user access to all composite views of the most current attributes for any member that shares a common Enterprise ID. Granting access to the composite views only does not provide access to Web Reports, interactions, operations, or attributes (segments).
mdm_all_ixns This role allows user access to all InfoSphere MDM interactions, such as member interactions, task interactions, relationship interactions, and other interactions in the system. However, it does not grant access to Web Reports, operations, composite views, or attributes (segments).
mdm_all_segs_rw This role allows read and write access to all segments. This role provides permissions to perform edits and updates to records, such as editing attribute statuses, surviving entity ID numbers, and adding members to the database.

If you want a certain user to always have read/write permissions to all attributes, for example, then you can assign that user to the mdm_all_segs_rw group. Doing so gives the user permission to read and write all attributes regardless of any permissions that might also be granted using the Security:Groups tab. It does not grant permission to access Web Reports, interactions, operations, or composite views.
mdm_all_segs_ro This role allows read-only access to all segments. This role allows a user to search and view member records in MDM Inspector, but not to work on tasks. Granting a user permission to read only access to all segments does not grant access to Web Reports, interactions, operations, write permission to attributes, or composite views.

Other defaults used for stand-alone with Db2 installations

If you use a stand-alone with Db2 installation type, the installer uses a number of default values.

If you are installing on Linux or UNIX (for server deployments), the following defaults are used:
  • Db2 database name: MDM11DB
  • Db2 home directory: /home/mdmins11
If you are installing on Microsoft Windows (for workstation deployments), the following defaults are used:
  • Db2 database name: MDM11DB
Tip: For security reasons, after the installation is complete, ensure that the passwords of these default accounts are unique and different from the default values. For information about changing the passwords, refer to the relevant WebSphere Application Server and Db2 documentation.