Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 4 TIBCO BusinessConnect User Management : TIBCO BusinessConnect User Management

TIBCO BusinessConnect User Management
The user management capabilities of TIBCO BusinessConnect are integrated with the user management capabilities of TIBCO Administrator. After a user is created and given access rights to one or more components of TIBCO BusinessConnect using TIBCO Administrator User Management, that user can be added to TIBCO BusinessConnect User Management and can have its access rights fine tuned with respect to trading partner, business agreement, log viewer, reports, and dashboard access.
With TIBCO BusinessConnect User Management, the access rights of a user can be reduced but never increased. For example, if TIBCO Administrator User Management is used to give a user read but not write access to the BusinessConnect > Participants component, you cannot use TIBCO BusinessConnect User Management to grant the user Update Access for a participant.
Participants Access Rights
Using TIBCO BusinessConnect User Management, the access rights of users can be further restricted by participant and business agreement. For participants (Host or Trading Partner), users can be assigned access rights to all participants or to particular participants. The following is a summary of the access rights users can be assigned to allow access to participant configurations under BusinessConnect > Participants:
Read Access   A user with read access to a participant can view that participant's configuration information.
Create Access (implies Read Access)   A user with create access can create new participants. The create access privilege can only be enabled for all participants.
Update Access (implies Read Access)   A user with update access to a participant can modify the configuration settings of an existing participant.
Delete Access (implies Read Access)   A user with delete access to a participant has the ability to delete the participant's configuration from TIBCO BusinessConnect.
Logs and Reports   This setting is used to further restrict the user access rights for Log Viewer or Reporting, granted using TIBCO Administrator User Management, to apply to particular participants. By default these access rights apply to all participants. This setting does not control the read and write access rights to the Log Viewer or Reporting. Read and write access rights to the Log Viewer and Reporting are controlled using TIBCO Administrator User Management.
Dashboard   This setting is used to further restrict the user access rights for Dashboard, granted using TIBCO Administrator User Management. This setting does not control the read and write access rights to the Dashboard.
Business Agreements Access Rights
For Business Agreements, users can be assigned access rights to all Business Agreements or to particular Business Agreements. The following is a summary of the access rights users can be assigned to allow access to Business Agreement configurations under BusinessConnect > Business Agreements tab:
Read Access   A user with read access to a business agreement can view that business agreement's configuration.
Create Access (implies Read Access)   A user with create access can create new business agreements. The create access privilege can only be enabled for all business agreements.
Update Access (implies Read Access)   A user with update access to a business agreement can modify the configuration settings of an existing business agreement.
Delete Access (implies Read Access)   A user with delete access to a business agreement has the ability to delete the business agreement's configuration from TIBCO BusinessConnect.
Default Access Rights
When TIBCO Administrator User Management is used to give a user access rights to TIBCO BusinessConnect Participants, Business Agreements, Log Viewer, Reporting, or Dashboard, the following describes the default mapping of those access rights under BusinessConnect User Management:
TIBCO BusinessConnect Users
TIBCO BusinessConnect Super User
In addition to the TIBCO Administrator Super User, a TIBCO BusinessConnect Super User can use TIBCO BusinessConnect User Management to add other TIBCO Administrator Users to TIBCO BusinessConnect and manage the access rights of those users. There must always be at least one TIBCO BusinessConnect Super User.
The TIBCO BusinessConnect Super User access rights are depicted in Table 4.
The TIBCO Administrator user who creates the TIBCO BusinessConnect installation is automatically the TIBCO BusinessConnect Super User.
To create a TIBCO BusinessConnect installation, a user must be one of the following:
A TIBCO BusinessConnect Super User can assign super user privileges to other TIBCO Administrator users who are TIBCO Administrator Super Users or TIBCO Administrator users with read and write access privileges to all of the TIBCO BusinessConnect components.
Figure 12 TIBCO BusinessConnect Super User
A TIBCO Administrator Super User will always be allowed full access to the configuration information of TIBCO BusinessConnect. However, the TIBCO Administrator Super User will not be automatically assigned to be a TIBCO BusinessConnect Super User unless it is the user who created the TIBCO BusinessConnect installation, or unless it has been explicitly assigned to be a TIBCO BusinessConnect Super User.
To delete a TIBCO BusinessConnect Super User from TIBCO BusinessConnect User Management, you must first remove the TIBCO BusinessConnect super user access right for this user.
If the user permissions set in TIBCO Administrator for BusinessConnect > (Participants, Business Agreements, Log Viewer, and Reporting) are either Read or no permissions, but the permissions set at BusinessConnect > User Management are higher (such as Create, Read, Update or Delete) for Participants, Business Agreements, Log Viewer, Dashboard, and Reporting, a warning is shown about the inconsistent permissions. Users are still allowed to save after this warning.
TIBCO BusinessConnect Internal User
The internal users are assumed to be communicating with TIBCO BusinessConnect inside the company firewall.
TIBCO Administrator with access rights to TIBCO BusinessConnect and its components can manually add Internal users to TIBCO BusinessConnect, or these users will be automatically added once they log in.
The new TIBCO BusinessConnect Internal user will have its corresponding access rights for TIBCO BusinessConnect User Management automatically set as described in the section Default Access Rights.
TIBCO BusinessConnect External User
After the TIBCO BusinessConnect Administrator sets up a trading partner, he can associate one or more external users with that trading partner.
These external users can log in using a web browser and start performing basic upload or download transactions with the Host, which their trading partner has an agreement with.
The external users can connect with PartnerExpress Service, Trading Community Management Service, SSH Service, and FTP Service that are hosted by the Gateway Server in the DMZ zone.
The external users can also be used for HTTP Basic Authentication and WSS Username Token Authentication for inbound transactions from trading partners.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved