Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 5 Granting Security Access to Objects : Security Overview

Security Overview
The Security console allows privileged users to manage authorization for other users in the system. Security access determines whether a user can perform an operation on a specific resource in an administration domain.
Select User Management > Security to display the console. The console allows you to set security access for users and roles to TIBCO Administrator consoles and applications, and to repositories in the Data Access folder. Members of the Super Users role are also assigned in this console. Each console or application has a small key icon associated with it. A green icon indicates that the currently logged-in user can assign others access permissions for the corresponding console.
See also Managing Access Rights for an introduction to Read, Write and Administer permissions.
Figure 20 Security Overview
Security Console Tree
The Security console allows the domain administrator user, a member of the Super User role, or a user with Administer permission to assign access permissions to consoles and repositories. The Security console tree has two main folders, TIBCO Administrator and Data Access.
A Super User role member has read, write, and administer access to all TIBCO Administrator consoles and applications and data. A Super User role member can add other users to the Super Users role.
TIBCO Administrator Folder
When you specify permissions on a folder in the TIBCO Administrator folder, the permissions cascade down to all lower level items contained in that folder.
For example, the next diagram shows that Read and Write permissions are assigned to the TIBCO Administrator module for the Development role. An x is displayed in bold for TIBCO Administrator and in grey for all objects contained in TIBCO Administrator. A bold x indicates that permissions were assigned directly. A grey x indicates that the permissions were inherited rather than assigned directly, or that the user is a member of a role for which permissions have been specified.
Figure 21 TIBCO Administrator Folder
You can set permissions for just one object by clearing permissions on the module or console that contains it. For the above example, to set Write access only to the Machines console, you must first clear the Write check box for TIBCO Administrator and then select the Write check box for the Machines console.
You can also break cascading permissions by changing the Inherit Parent’s Security Settings option for an object. See Inherit Parent's Security Settings for details.
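The cascade, the bold and grey x, and the Machines example above, modeled in Python as an added example (not TIBCO code and not the product's implementation). The `Node` class, the `effective` and `build_tree` functions, the "Other console" item and the user `alice` are hypothetical, and the model assumes that clearing Inherit Parent's Security Settings stops grants on containing items from reaching the object.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    """One item in the console tree (module, console or application)."""
    name: str
    parent: Optional["Node"] = None
    inherit: bool = True  # models the Inherit Parent's Security Settings option
    acl: dict = field(default_factory=dict)  # principal -> set of permissions

def effective(node, principal, member_of=()):
    """Return {permission: "direct" | "inherited"} for principal on node.

    "direct" matches the bold x. "inherited" matches the grey x: the grant
    comes from a containing item or from a role the principal belongs to.
    """
    result = {}
    current = node
    while current is not None:
        for who in (principal, *member_of):
            direct = current is node and who == principal
            for perm in current.acl.get(who, ()):
                result.setdefault(perm, "direct" if direct else "inherited")
        if not current.inherit:  # assumption: cascade stops at this item
            break
        current = current.parent
    return result

def build_tree():
    """Constructed sample tree; "Other console" is a placeholder name."""
    admin = Node("TIBCO Administrator", acl={"Development": {"Read", "Write"}})
    machines = Node("Machines", parent=admin)
    other = Node("Other console", parent=admin)
    return admin, machines, other

if __name__ == "__main__":
    admin, machines, other = build_tree()
    print(effective(machines, "Development"))   # both inherited from the module
    # Write on Machines only: clear Write on the module, then set it on Machines.
    admin.acl["Development"] = {"Read"}
    machines.acl["Development"] = {"Write"}
    print(effective(machines, "Development"))
    print(effective(other, "Development"))
    print(effective(machines, "alice", member_of=("Development",)))
    machines.inherit = False                     # break the cascade at Machines
    print(effective(machines, "Development"))
```

When reviewing access, the "inherited" entries are the ones to trace back to a containing item or a role, since they do not appear as direct assignments on the object itself.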
Data Access Folder
The Data Access folder contains folders that represent the domain repositories and application repositories. Each repository is displayed as a folder. Consequently, permissions set on a repository apply only to that repository.
The Data Access folder allows privileged users to specify security access to its contained objects for other users. In particular, users who run the appManage command line utility and other command line utilities (see Utilities, Plug-ins and Modules) need Write access to these repository files.
A domain repository is used directly by the administration server, TIBCO Domain Utility and TIBCO Hawk agent. The domain repository contains data about the machines, registered software, users, roles, access control lists, application configurations and deployment history. In the case of a file-based domain, domain data is stored in the SYS_domain.dat and AUTH_domain.dat files.
Data stored in the SYS_domain.dat file is referred to as the administration domain while data stored in the AUTH_domain.dat file comprises the authorization domain. The authorization domain contains users, roles and data access ACLs. Everything else is stored in the administration domain: installed software, machines, applications, plugins, TIBCO Administrator ACLs, and so on. As such, the administration domain file is usually much larger than the authorization domain file.
TIBCO Administrator creates an application repository each time you deploy an application. An application repository contains information about the application’s configuration and its deployment configuration using Rendezvous, HTTP, or HTTPS as transport.
Do not use a text editor to change these repository files! You can potentially lose all domain information or deployment information for all applications.
