Service Run-As

There are often cases where Services require specific user permissions to access needed resources. By creating the Engine process as a given user, all Service invocations executed by the Engine can operate with these permissions. Service Run-As (or RA) allows for specification of authentication domain accounts under which Service invocations execute.

By default, all RA credentials authenticate on the Engine Daemon to verify that the credentials are valid for the Engine’s authentication domain. You can disable Service RA authentication on the Broker, but do so only when you have a specific reason. For example, if you are using Kerberos or Windows authentication, you must disable this if your Drivers have Negotiate enabled, since there is no password available.

Did you find this helpful?

Yes No