The Advanced page in the Security tab of the Administration Console provides access to settings that identify specialized administrative user IDs and passwords and additional security features that apply to the entire WebFOCUS installation.
Settings on the Advanced page identify the ID of the Anonymous User, which is invoked when users select the Public Access link from the sign-in screen. Settings on this page also identify the ID and password of the Root User, who is the Superuser that maintains unlimited access to WebFOCUS. The Root User serves as a fallback when all other users are locked out or whenever a user with all-access permissions is required to maintain system operations.
Specifies whether the same user can have multiple sign-ins, which are authenticated sessions, open simultaneously. When this check box is selected, (True), a user can have multiple authenticated sessions open simultaneously. When it is cleared, (False), a user can have only one authenticated session open at a time.
The ability to maintain multiple open authenticated sessions per user is available only in the Enterprise Edition of WebFOCUS. Other editions allow only one open authenticated session per user.
Specifies the user ID of the administrator or superuser. When Root User (IBI_Admin_Name) and Root Password (IBI_Admin_Pass) are set, this user is given ALL permissions, regardless of other policies set within the system. Typically, this user ID is used under limited circumstances and removed when no longer needed.
Specifies the password of the administrator or superuser.
Specifies the user ID that the WebFOCUS Client uses to connect to the Server for anonymous, or unauthenticated, requests. Used when you sign in as a Public User. For more information on configuring the Server, see TIBCO WebFOCUS Server Settings.
Contains the password used by the anonymous user for connections to the Server. This applies to all authentication types. Used when you sign in as a Public User.
Specifies the user ID that the WebFOCUS Client uses for unauthenticated requests. By default, the value is public.
By default, the WebFOCUS Client supports anonymous, or unauthenticated, access to resources made available to users in the Anonymous group, as well as to procedures on the WebFOCUS Server. The Server credentials used by this setting are specified by Reporting Server Anonymous User ID (IBI_WFRS_Anonymous_User) and Reporting Server Anonymous Password (IBI_WFRS_Anonymous_Pass).
Note: This setting is relevant only to the Enterprise Edition, which is the only edition that supports anonymous user access.
If set, specifies the user ID used to obtain authorization for the anonymous user from an external security provider.
Note: This setting is relevant only to the Enterprise Edition, which is the only edition that supports anonymous user access.
When this check box is selected (True) and your installation of WebFOCUS uses an external or pre-authentication method, named anonymous users are allowed. If the user is not in the repository and does not pass the IBI_ALLOW_LOGIN_EXTERNAL_GROUPS setting, the sign-in will complete, and the user will have the same authorization as a public user within WebFOCUS. The user will not be added to the database and cannot be added to any groups or be shared with. Such users are considered public users within WebFOCUS, although their user IDs will be tracked in the session monitor. Authorization on the Server is based on the explicit user ID. The default value is False (check box cleared).
If the user is registered in WebFOCUS, but no longer passes the IBI_ALLOW_LOGIN_EXTERNAL_GROUPS setting, the user will still be treated as a named anonymous user.
Note: This setting is relevant only to the Enterprise Edition, which is the only edition that supports anonymous user access.
The default value is True (check box is selected), which enables users to change their own passwords. You may wish to disable this ability under certain circumstances. For example, your system may authenticate users against an external system that will not allow them to change their passwords through WebFOCUS.
Used for multi-tenant implementations, where group administrators are allowed to create users for the groups they administer. This setting specifies whether or not a namespace is added as a prefix or suffix to user names when created by a group administrator.
For example, if a Group Administrator signs in as tenant1\groupadmin, tenant1 is the namespace for this Group Administrator and all of the users for whom this Group Administrator is responsible. When creating users, the namespace of the Group Administrator is automatically prepended to all new user names when created: tenant1\username.
For example, if a Group Administrator signs in as groupadmin@tenant1.com, the namespace of the Group Administrator is tenant1.com. The namespace of the Group Administrator is appended to all new user names when created: username@tenant1.com.
The additional level of identification provided by the use of a namespace helps prevent conflicts when the same name is assigned to users in more than one group, and supports SaaS installations that assign users to multiple Tenant Groups.