Default users and groups

IBM® Business Process Manager has an internal security provider that includes several default users and groups. For each default user account, default authentication aliases are provided for external components to connect to the Process Server. These default groups are internal groups that exist only in the BPMDB and are managed using the Process Admin Console.

Table 1 lists only the user accounts and authentication aliases for IBM Business Process Manager. Any additional software installed on your Process Server might have additional users and authentication aliases.
Attention: If you change the password for the default user account, you must also change the password in the corresponding authentication alias. To change the user name and password for an existing authentication alias, see Modifying authentication aliases. To change the password for a default tw_* user, which is the administrator password that was specified during product installation, see Creating and maintaining users for a stand-alone server or Creating and maintaining users for a deployment environment server.
Important: You cannot create a new user using the Process Admin Console if a user was created in the past with the same user name. Once a user has been created using the Process Admin Console, it is kept in the BPM system. Even if the user is subsequently deleted, the user entry is not removed from the BPMDB and the internal authorization system.
Table 1. Default users

| Default user account | Authentication alias | Description |
|---|---|---|
| default administrative user<br>This user account is the user that you specified as administrator during installation of IBM Business Process Manager. This account is represented as "admin" in this section, but during installation you can assign any user as the administrator. | BPMPrimaryAdmin_Auth_Alias | Provides full access to all interfaces, enabling users to alter or delete all types of available library items and assets, including process applications and toolkits. This account also enables administration of Process Servers, Performance Data Warehouses, and internal users and groups.<br>Important: Make sure that the admin default user is added to the tw_admins group to allow the admin user to deploy Process Applications on the Process Center server. The admin user account must be included in all the groups. |
| tw_admin (deprecated) | BPMAdmin_Auth_Alias | Although this account is deprecated, and the preferred default user account is admin, the tw_admin account is still available for compatibility with earlier versions of the product. The account provides full access to all interfaces, enabling users to alter or delete all types of available library items and assets, including process applications and toolkits. This account also enables administration of Process Servers, Performance Data Warehouses, and internal users and groups.<br>Note: Do not remove this account. Administration of IBM BPM is not possible without this account.<br>Important: The default password for tw_admin is the administrator password that was specified during product installation. |
| bpmAuthor<br>Note: The bpmAuthor user account must be included in the tw_authors group. |  | Provides access to the Designer and other interfaces in the Process Designer, including the Process Center console. Users who log in to Process Center Console as bpmAuthor can create process applications and toolkits and control access to those projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators. For more information, see "Managing access to the Process Center repository" in the related links.<br>Important: The default password for bpmAuthor is the administrator password that was specified during product installation. |
| tw_author (deprecated) | BPMAuthor_Auth_Alias | The preferred user account for users to log in as an author is bpmAuthor. This account provides access to the Designer and other interfaces in the Process Designer, including the Process Center console. Users who log in to Process Center Console as tw_author can create process applications and toolkits and control access to those projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators.<br>Important: The default password for tw_author is the administrator password that was specified during product installation. |
| tw_portal_admin (deprecated) |  | Although this account is deprecated, and the preferred default user account for administration is admin, you can still use the tw_portal_admin account. However, because of functionality changes in IBM BPM V8, users logging in with this account no longer have any special access rights.<br>Important: The default password for tw_portal_admin is the administrator password that was specified during product installation. |
| tw_runtime_server |  | For runtime environments, used to connect to the designated Process Center. This default account is specified in the following path:<br>PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\system\99Local.xml<br>Important: The default password for tw_runtime_server is the administrator password that was specified during product installation. |
| tw_user |  | Provides a default account for users who are not authors or administrators. The tw_user account does not have administration privileges. Authors can add the tw_user account to the participant groups that they create in the Designer in the Process Designer to enable other users to run processes and services in the Inspector.<br>Important: The default password for tw_user is the administrator password that was specified during product installation. |
| tw_webservice | BPMWebservice_Auth_Alias | This user account is invoked when an unprotected web service is implemented.<br>Note: This account is publicly available and so you may want to change it. To do so, copy the entire <webservices> section from the 99Local.xml file, edit the section to change the tw_webservice user name and password, and then copy the changes to the 100Custom.xml file. These files are located in the following directories:<br>PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\system\99Local.xml<br>PROFILE_HOME\config\cells\cell_name\nodes\node_name\servers\server_name\process-server\config\100Custom.xml<br>Important: The default password for tw_webservice is the administrator password that was specified during product installation. |
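
The following check is an added example, not part of the IBM documentation. It verifies the tw_webservice procedure described in Table 1: that 100Custom.xml carries a <webservices> override, that the override is a full copy of the section in 99Local.xml, and that it no longer references the default user name. Only the <webservices> section name and the tw_webservice account come from this page; the child element and attribute names in the sample data are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

DEFAULT_USER = "tw_webservice"  # default account from Table 1
SECTION = "webservices"         # section name given in the note
# Constructed samples: only <webservices> and tw_webservice come from the page;
# the child element and attribute names are made-up placeholders.
SAMPLE_99LOCAL = """<properties><server>
  <webservices>
    <sample-login user="tw_webservice" password="PLACEHOLDER"/>
    <sample-option>true</sample-option>
  </webservices>
</server></properties>"""
SAMPLE_100CUSTOM = """<properties><server>
  <webservices><sample-login user="svc_ws_example" password="PLACEHOLDER"/></webservices>
</server></properties>"""

def _section(xml_text):
    """Return the first <webservices> element in a document, or None."""
    return next(ET.fromstring(xml_text).iter(SECTION), None)

def _values(elem):
    """Yield every attribute value and text node (possibly empty) under elem."""
    for node in elem.iter():
        yield from node.attrib.values()
        yield (node.text or "").strip()

def _tag_paths(elem, prefix=""):
    """Return the set of nested child tag paths, to compare structure."""
    paths = set()
    for child in elem:
        path = f"{prefix}/{child.tag}"
        paths |= {path} | _tag_paths(child, path)
    return paths

def audit_webservices(local_xml, custom_xml):
    """Return findings about the <webservices> override in 100Custom.xml."""
    base, override = _section(local_xml), _section(custom_xml)
    if base is None:
        return ["99Local.xml has no <webservices> section to compare against"]
    if override is None:
        return ["100Custom.xml has no <webservices> override"]
    findings = []
    if any(DEFAULT_USER in value for value in _values(override)):
        findings.append("override still references tw_webservice")
    missing = sorted(_tag_paths(base) - _tag_paths(override))
    if missing:
        findings.append("override is not a full copy; missing: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print(audit_webservices(SAMPLE_99LOCAL, SAMPLE_100CUSTOM))
```

To run it against a real profile, read the two files from the paths listed in Table 1 and pass their contents to audit_webservices; an empty list means the override is complete and uses a non-default user name.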

Table 2 lists the default groups and the users who are included by default.

Table 2. Default groups

| Default group | Users included by default | Description |
|---|---|---|
| tw_admins | tw_admin | Members of this group have full access to all interfaces, assets, servers, and security.<br>Note: Do not remove this group. Administration of IBM BPM is not possible without this group. |
| tw_authors | tw_admin, tw_author, bpmAuthor | Members of this group have access to the Designer and other interfaces in the Process Designer, including the Process Center console. From the Process Center console, members of this group can create process applications and toolkits and control access to projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators. For more information, see "Managing access to the Process Center repository" in the related links. |
| tw_portal_admins | tw_portal_admin | Because of functionality changes in IBM BPM V8, users logging in with this account no longer have any special access rights. |
| tw_process_owners | tw_admin | Members can use critical path analysis tools in Process Portal. For more information, see "Settings for Critical Path Management." |
| Debug | tw_admin | You can use this account to restrict access to service debugging in the Inspector in the Process Designer. For more information, see "Restricting access to debugging for services." |
| tw_allusers | tw_admin, tw_author, tw_portal_admin, tw_user, tw_webservice | This group is the default lane assignment for non-system lanes when creating business process definitions (BPDs) in the Designer in the Process Designer. The reports and scoreboards that you create in the Designer are available to this group by default. |