Realm Server Authorization Groups

A user name may belong to several authorization groups (also known as roles). The following table specifies authorization group requirements. Configure authorization groups either in the JAAS file or the flat file.

When using a JAAS authorization service, the name of the JAAS realm must be tibrealmserver.

Authorization Groups

| Authorization Group | Usage |
| --- | --- |
| ftl | Realm servers require client programs to authenticate with user names in the authorization group ftl. |
| ftl-admin | Authenticated users in the authorization group ftl-admin can view realm definition and monitoring pages. They can also modify the realm definition and execute administrative operations. |
| ftl-guest | Authenticated users in the authorization group ftl-guest can view realm definition and monitoring pages. However, they cannot modify the realm definition nor execute administrative operations. |
| ftl-primary | Affiliated realm servers require the primary server to authenticate with a user name in the authorization group ftl-primary. Affiliated backup and satellite realm servers of the disaster recovery server require the disaster recovery server to authenticate with a user name in the authorization group ftl-primary, because it serves as their primary. |
| ftl-satellite | The primary realm server requires its satellite servers to authenticate with user names in the authorization group ftl-satellite. |
| ftl-backup | Each realm server requires its backup realm server to authenticate with a user name in the authorization group ftl-backup. |
| ftl-dr | The primary realm server requires its disaster recovery realm server to authenticate with a user name in the authorization group ftl-dr. |

You can suppress the requirements on group membership by specifying the command line flag --auth.disable.groups when you start the realm server.