Security Model - IIS user registry (does it make sense)

sigma
Premium Member
Posts: 83
Joined: Thu Aug 07, 2008 1:22 pm

Post by sigma »

I have some questions on the security model in version 8.x.x.

The security model that focuses on the IIS user registry.

It is my understanding that if one elects to use the IIS user registry then ONE CANNOT SHARE it with the WebSphere user registry.

That means security credentials have to be mapped on a user or group basis. I understand the role mappings and how we can assign various roles.

So we essentially have to tie a DataStage OS user to each of these groups.

To me that does not make a whole lot of worth. How would one troubleshoot if there are N users sharing the same DS account?

I am hoping there are others who have set up the IIS user registry.

More importantly, this model simply shifts the burden of user management from the UNIX level to the tool level, but at the cost of being difficult to troubleshoot, as in UNIX it will be all the same account for a bunch of individuals.

Does it even make sense, or do most customers of the product use the WebSphere user registry and manage users at the OS level?
sigma
Premium Member
Posts: 83
Joined: Thu Aug 07, 2008 1:22 pm

Post by sigma »

I have configured our test environment for now to use the IIS user registry, but in the process of setting the security and roles, I had to assign DS users, which is what raised my above notes.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia

Post by ray.wurlod »

It is not necessary that operating system user IDs exist. DataStage users can be created as ordinary Information Server users and the roles and credentials managed through Information Server. Such is the site where I am currently working.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
sigma
Premium Member
Posts: 83
Joined: Thu Aug 07, 2008 1:22 pm

Post by sigma »

This is what I found out:

For Information Analyzer you can set up users in the console without needing any DataStage users (and maybe that is what you meant; sorry if I misunderstood your response).

For DataStage and QualityStage user setup, for the most part we still have the primary model of 7.5.x under the hood, so UNIX accounts are needed and have to be managed as part of UNIX groups.

We could get away with creating groups and users based on only a few UNIX accounts and groups.

The group concept in the console is different and is not the same as creating a UNIX group.