FTL Server Authorization Groups
A username may belong to several authorization groups (also known as roles). The following table specifies authorization group requirements. Configure authorization groups either in the JAAS file or the flat file of the authentication service.
When using a JAAS authorization service, the name of the JAAS realm must be tibftlserver.
| Authorization Group | Usage |
|---|---|
| ftl |
FTL servers require client programs to authenticate with usernames in the authorization group ftl. Note: When you run the gateway service, ensure that the user is in the ftl authorization group.
|
| ftl-admin | Authenticated users in the authorization group ftl-admin can execute administrative operations, modify the realm definition, and view monitoring pages. |
| ftl-guest | Authenticated users in the authorization group ftl-guest can view realm definition and monitoring pages. However, they cannot execute administrative operations nor modify the realm definition. |
| ftl-internal |
FTL servers require affiliated FTL servers to authenticate with a username in the authorization group ftl-internal. This authorization group must include usernames for the following types of servers: primary servers - Affiliated satellite servers and disaster recovery servers require the primary server to authenticate with a username in this authorization group. satellite servers - The primary server requires its satellite servers to authenticate with usernames in this group. disaster recovery servers - The primary server requires its disaster recovery server to authenticate with a username in this group. |
ftl-primary,
ftl-satellite,
ftl-backup,
ftl-dr are obsolete. For each of these, use
ftl-internal instead.