Users

Users are specific, named IDs that allow you to identify yourself to the server. When a client attempts to connect to the server, it presents a set of credentials to identify itself as a particular user. These credentials can either be a username and corresponding password, or an OAuth 2.0 access token containing a username (see Authentication Using OAuth 2.0).

Note: In special cases, you may wish to allow anonymous access to the server. In this case, a connect request does not have to supply a username or password. To configure the server to allow anonymous logins, you must create a user named anonymous and specify no password. Anonymous logins are not permitted unless the anonymous user exists.

Clients logging in anonymously are only able to perform the actions that the anonymous user has permission to perform.

Users are the basis for access control in the EMS server. Users can be assigned server-wide administrative permissions and destination-level permissions. These permissions dictate what actions the user can perform once connected to the EMS server.

There is one predefined user, admin, that performs administrative tasks, such as creating other users.

You can create and remove users and change passwords by specifying the users in the users.conf configuration file, using the tibemsadmin tool, or by using the administration APIs. For more information about specifying users in the configuration file, see users.conf. For more information about specifying users using the tibemsadmin tool, see EMS Administration Tool. For more information on the administration APIs, see the online documentation.

EMS can also obtain user information from an external directory (such as an LDAP server), or an OAuth 2.0 access token presented by the connecting client. Such externally-configured users must be defined and managed directly via the external directory or OAuth 2.0 provider.