Default users and groups

IBM® Business Process Manager has an internal security provider that includes several default users and groups. For each default user account, default authentication aliases are provided for external components to connect to the Process Server.

Table 1 only lists the user accounts and authentication aliases for IBM Business Process Manager. Any additional software installed on your Process Server might have additional users and authentication aliases.
Attention: If you change the password for the default user account, you must also change the password in the corresponding authentication alias. To change the user name and password for an existing authentication alias, see Modifying authentication aliases. To change the password for a default tw_* user, which is the administrator password that was specified during product installation, see Creating and maintaining users for a stand-alone server or Creating and maintaining users for a deployment environment server.
Table 1. Default users
Default user account: default administrative user
This user account is the user that you specified as administrator during installation of IBM Business Process Manager. This account is represented as "admin" in this section, but during installation you can assign any user as the administrator.
Authentication alias: BPMPrimaryAdmin_Auth_Alias
Description: Provides full access to all interfaces, enabling users to alter or delete all types of available library items and assets, including process applications and toolkits. This account also enables administration of Process Servers, Performance Data Warehouses, and internal users and groups.
Important: Make sure that the admin default user is added to the tw_admins group to allow the admin user to deploy Process Applications on the Process Center server. The admin user account must be included in all the groups.

Default user account: tw_admin (deprecated)
Authentication alias: BPMAdmin_Auth_Alias
Description: Although this account is deprecated, and the preferred default user account is admin, the tw_admin account is still available for compatibility with earlier versions of the product. The account provides full access to all interfaces, enabling users to alter or delete all types of available library items and assets, including process applications and toolkits. This account also enables administration of Process Servers, Performance Data Warehouses, and internal users and groups. tw_admin users can only access or modify task instances that have specifically authorized tw_admin access.
Note: Do not remove this account. Administration of IBM BPM is not possible without this account.

Default user account: bpmAuthor
Note: The bpmAuthor user account must be included in the tw_authors group.
Authentication alias: (none listed)
Description: Provides access to the Designer and other interfaces in the Process Designer, including the Process Center console. Users who log in to Process Center Console as bpmAuthor can create process applications and toolkits and control access to those projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators. For more information, see "Managing access to the Process Center repository" in the related links.
Important: The default password for bpmAuthor is the administrator password that was specified during product installation.

Default user account: tw_author (deprecated)
Authentication alias: BPMAuthor_Auth_Alias
Description: The preferred user account for users to log in as an author is bpmAuthor. This account provides access to the Designer and other interfaces in the Process Designer, including the Process Center console. Users who log in to Process Center Console as tw_author can create process applications and toolkits and control access to those projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators.
Important: The default password for tw_author is the administrator password that was specified during product installation.

Default user account: tw_portal_admin (deprecated)
Authentication alias: (none listed)
Description: Although this account is deprecated, and the preferred default user account for administration is admin, you can still create and use the tw_portal_admin account. This account provides direct access to the Process Admin console from Process Portal via an Admin link at the upper right of the portal. Clicking the provided link opens Process Admin console in a new browser window. Searches saved by this user in the Process Portal can be shared with other portal users.
Important: The default password for tw_portal_admin is the administrator password that was specified during product installation.

Default user account: tw_runtime_server
Authentication alias: (none listed)
Description: Used in runtime environments to connect to the designated Process Center. This is the default account specified in the PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\system\99Local.xml file.
Important: The default password for tw_runtime_server is the administrator password that was specified during product installation.

Default user account: tw_user
Authentication alias: (none listed)
Description: Provides a default account for users who are not authors or administrators. The tw_user account does not have administration privileges. Authors can add the tw_user account to the participant groups that they create in the Designer in the Process Designer to enable other users to run processes and services in the Inspector.
Important: The default password for tw_user is the administrator password that was specified during product installation.

Default user account: tw_webservice
Authentication alias: BPMWebservice_Auth_Alias
Description: This user account is invoked when an unprotected Web service is implemented.
Note: This account is publicly available and so you may want to change it. To do so, copy the entire <webservices> section from the 99Local.xml file, edit the section to change the tw_webservice user name and password, and then copy the changes to the 100Custom.xml file. These files are located in the following directories:
  • PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\system\99Local.xml
  • PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\100Custom.xml
Important: The default password for tw_webservice is the administrator password that was specified during product installation.

Table 2 lists the default groups and the users who are included by default.

Table 2. Default groups
Default group: tw_admins
Users included by default: tw_admin
Description: Members of this group have full access to all interfaces, assets, servers, and security.
Note: Do not remove this group. Administration of IBM BPM is not possible without this group.

Default group: tw_authors
Users included by default: tw_admin, tw_author, bpmAuthor
Description: Members of this group have access to the Designer and other interfaces in the Process Designer, including the Process Center console. From the Process Center console, members of this group can create process applications and toolkits and control access to projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators. For more information, see "Managing access to the Process Center repository" in the related links.

Default group: tw_portal_admins
Users included by default: tw_portal_admin
Description: Members of this group can directly access the Process Admin console from Process Portal via an Admin link at the upper right of the portal. Clicking the provided link opens the Process Admin console in a new browser window. Also, when members save searches in Process Portal, the searches can be accessed by other portal users.

Default group: tw_process_owners
Users included by default: tw_admin
Description: Members can use critical path analysis tools in Process Portal. For more information, see "Settings for Critical Path Management."

Default group: Debug
Users included by default: tw_admin
Description: You can use this group to restrict access to service debugging in the Inspector in the Process Designer. For more information, see "Restricting access to debugging for services."

Default group: tw_allusers
Users included by default: tw_admin, tw_author, tw_portal_admin, tw_user, tw_webservice
Description: This group is the default lane assignment for non-system lanes when creating business process definitions (BPDs) in the Designer in the Process Designer. The reports and scoreboards that you create in the Designer are available to this group by default.
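
The membership and account rules stated in Tables 1 and 2 can be checked against a snapshot of your user registry. The following is an added example, not IBM code: the function name, the input shape (a set of user names and a dict of group members), and the sample user jdoe are assumptions.

```python
# Added example (not IBM code). Input shape is an assumption: a set of user
# names plus a dict mapping each group name to its member names.
# tw_admin is deprecated too, but it is not listed here because it must stay.
DEPRECATED = {"tw_author": "bpmAuthor", "tw_portal_admin": "admin"}

def audit_defaults(users, groups, admin="admin"):
    """Return (severity, message) findings for the rules on this page."""
    members = {g: set(m) for g, m in groups.items()}
    out = []
    # Administration is not possible without tw_admin and tw_admins.
    if "tw_admin" not in users:
        out.append(("error", "tw_admin account is missing"))
    if "tw_admins" not in members:
        out.append(("error", "tw_admins group is missing"))
    # The installation-time administrator must be included in all the groups.
    for g in sorted(members):
        if admin not in members[g]:
            out.append(("error", f"{admin} is not in {g}"))
    # bpmAuthor must be included in tw_authors.
    if "bpmAuthor" in users and "bpmAuthor" not in members.get("tw_authors", set()):
        out.append(("error", "bpmAuthor is not in tw_authors"))
    # Deprecated accounts that have a preferred replacement.
    for old, new in sorted(DEPRECATED.items()):
        if old in users:
            out.append(("info", f"{old} is deprecated; preferred account is {new}"))
    # tw_webservice is a publicly known name used for unprotected Web services.
    if "tw_webservice" in users:
        out.append(("warn", "tw_webservice still uses its default user name"))
    # Every tw_admins member has full access; list the ones beyond the defaults.
    for u in sorted(members.get("tw_admins", set()) - {admin, "tw_admin"}):
        out.append(("warn", f"{u} has full access through tw_admins"))
    return out

# Constructed snapshot: the Table 2 defaults plus one extra tw_admins member.
SAMPLE_USERS = {"admin", "tw_admin", "bpmAuthor", "tw_author", "tw_portal_admin",
                "tw_runtime_server", "tw_user", "tw_webservice", "jdoe"}
SAMPLE_GROUPS = {
    "tw_admins": ["tw_admin", "jdoe"],
    "tw_authors": ["tw_admin", "tw_author", "bpmAuthor"],
    "tw_portal_admins": ["tw_portal_admin"],
    "tw_process_owners": ["tw_admin"],
    "Debug": ["tw_admin"],
    "tw_allusers": ["tw_admin", "tw_author", "tw_portal_admin", "tw_user",
                    "tw_webservice"],
}

if __name__ == "__main__":
    for severity, message in audit_defaults(SAMPLE_USERS, SAMPLE_GROUPS):
        print(f"{severity:5} {message}")
```

With the defaults from Table 2 the check reports admin as missing from every group, which is the condition the Important note in Table 1 asks you to correct.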