Using Run-As
To use Run-As, you must do three things: set up Engines, add credentials, and associate credentials with Service Types.
Engine Setup
For information about how to set up Engines for Service run-as, see “Configuring Run-As for Windows Engines” and “Configuring Run-As for UNIX Engines” in the GridServer Installation Guide.
Managing Credentials
The Credentials DB is the store of Run-As (RA) credentials, held on the Director and Brokers, that RA Services use. It is maintained on the Director and synchronized with Brokers.
The Run-As Credentials page in the Administration Tool lets you create, edit, and delete RA credentials.
To add new Credentials to your Manager:
Procedure
1. In the Administration Tool, go to Admin > User Admin > Run-As Credentials.
2. Enter the name of a credential, a password, and then enter the same password again.
3. Click Add.
Managing Run-As in Service Types
The Service Type Registry entries allow specification of an RA user name for use with that Service. To specify a Run-As user for a Service Type:
Procedure
1. In the GridServer Administration Tool, go to Services > Services > Service Types.
2. Select an existing Service Type, click the Actions control, and select Edit Service Type. This opens the Service Type Editor window.
3. In the Service Type Editor window, under the ContainerBinding header, enter the user name in RunAsUser.
Note that in this field, you can use $ to indicate the Driver’s current user. Leaving this value blank (the default) indicates that the process runs as the same user running the Engine Daemon.
If you are adding a user name that contains Unicode characters, you must change to the correct code page to match the user name.
The Specify Additional RunAs User permission is needed to specify a user other than the user of the Driver or Engine Daemon process.
It is also possible to specify a Windows domain in the RunAsUser field. For example, if you are using a UNIX Driver (which is not in a Windows domain) and you want to run Services on Windows Engines using a specific user and domain, you can specify this in the form domain/username. The forward slash translates to a backslash. For example, specifying DATASYNAPSE/BILL runs Services as the user BILL in the DATASYNAPSE Windows domain (DATASYNAPSE\BILL).
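The following Python sketch is an added example, not GridServer code. It models the RunAsUser rules described above (blank, $, and domain/username) and reviews a set of Service Types for settings that need the Specify Additional RunAs User permission or have no Run-As credential. The Service Type names, user names, and the rule that a credential is stored under the resolved account name are assumptions made for illustration.

```python
# Added illustration, not GridServer code: models the RunAsUser rules on this page.
from dataclasses import dataclass

@dataclass
class Resolution:
    account: str            # account the Service process would run as
    source: str             # "engine-daemon", "driver" or "explicit"
    needs_permission: bool  # Specify Additional RunAs User permission required

def resolve_run_as(field, driver_user, daemon_user):
    """Map a RunAsUser field value to the account it designates."""
    value = (field or "").strip()
    if not value:
        # Blank (the default): same user that runs the Engine Daemon.
        return Resolution(daemon_user, "engine-daemon", False)
    if value == "$":
        # "$" indicates the Driver's current user.
        return Resolution(driver_user, "driver", False)
    # domain/username form: the forward slash translates to a backslash.
    account = value.replace("/", "\\", 1)
    # Permission applies to a user other than the Driver or Engine Daemon user.
    return Resolution(account, "explicit", account not in (driver_user, daemon_user))

def audit(service_types, driver_user, daemon_user, credential_names):
    """Return (service type, account, notes) for each RunAsUser setting."""
    findings = []
    for name, field in sorted(service_types.items()):
        res = resolve_run_as(field, driver_user, daemon_user)
        notes = []
        if res.needs_permission:
            notes.append("needs Specify Additional RunAs User permission")
        # Assumption: a credential is stored under the resolved account name.
        if res.source != "engine-daemon" and res.account not in credential_names:
            notes.append("no matching Run-As credential")
        findings.append((name, res.account, notes))
    return findings

# Constructed sample data (hypothetical Service Type names and users).
SAMPLE_TYPES = {"PricingService": "", "RiskService": "$",
                "ReportService": "DATASYNAPSE/BILL", "LegacyService": "svc_batch"}
SAMPLE_CREDS = {"alice", "DATASYNAPSE\\BILL"}

if __name__ == "__main__":
    for row in audit(SAMPLE_TYPES, "alice", "gridengine", SAMPLE_CREDS):
        print(row)
```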