The way that IBM® Business Process Manager handles security for users and groups depends on whether you are using IBM Business Process Manager Advanced or IBM Business Process Manager Standard.
IBM Business Process Manager Standard includes an internal security provider, which you can use to create and maintain IBM BPM users and groups as outlined in the following sections. You can also use the internal IBM BPM security provider in conjunction with an external security provider (such as LDAP with Microsoft Active Directory) that you have registered with the IBM BPM embedded application server.
When you use the internal IBM BPM security provider in conjunction with an external provider, the users and groups from both providers are available for selection from IBM BPM Standard components. Users from the internal provider cannot be added to groups from an external provider.
For network deployments, the internal security provider manages groups only; it does not manage users. The users are managed by the federated file repository.
Task | Interface | To learn more |
---|---|---|
Granting access to the repository | Process Center Console | See "Managing access to the Process Center repository" in the related links. |
Binding users to participant groups during process development | Designer in Process Designer | See "Creating a participant group" in the related links. |
Binding users to participant groups at run time | Process Admin Console | See "Configuring installed snapshots" in the related links. |
IBM BPM does not lock user accounts after a configurable number of failed authentication attempts. End user accounts are managed in a user repository (typically LDAP connected to Federated Repositories), and IBM BPM is just one of many client systems of that repository. The user repository is the system of record for the user accounts and therefore has to define rules such as the password lock policy. For IBM Tivoli Directory Server, you can read more about password policies at http://www.ibm.com/developerworks/tivoli/library/t-tdspp-ect/.
If you are using the IBM BPM Internal Security Provider, there is no policy for locking users after a number of failed authentication attempts.
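Because lockout has to be defined in the user repository, the following LDIF sketches what that looks like for IBM Tivoli Directory Server. It is an added example, not part of the original IBM documentation; it assumes the directory's global password policy entry is `cn=pwdpolicy,cn=ibmpolicies`, and the threshold values are constructed samples.

```ldif
# Added example: turn on account lockout in the directory's global password policy.
# Assumption: the global policy entry is cn=pwdpolicy,cn=ibmpolicies.
# Values are constructed samples; choose thresholds that fit your own policy.
#
# ibm-pwdPolicy            enables password policy enforcement
# pwdLockout               lock the account once pwdMaxFailure is reached
# pwdMaxFailure            consecutive failed binds allowed before lockout
# pwdLockoutDuration       seconds the account stays locked (0 = until an admin resets it)
# pwdFailureCountInterval  seconds after which old failures stop counting
dn: cn=pwdpolicy,cn=ibmpolicies
changetype: modify
replace: ibm-pwdPolicy
ibm-pwdPolicy: true
-
replace: pwdLockout
pwdLockout: true
-
replace: pwdMaxFailure
pwdMaxFailure: 5
-
replace: pwdLockoutDuration
pwdLockoutDuration: 900
-
replace: pwdFailureCountInterval
pwdFailureCountInterval: 600
```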