Creating and maintaining users for a deployment environment server

You can use the IBM® WebSphere® administrative console to create and configure user accounts for a deployment environment server. A deployment environment is an environment in which server processes, which are typically on different physical computer systems, are managed together.

Before you begin

Log in to the WebSphere administrative console.
Notes:
- To create and maintain users, log in as an administrative user, such as a user in the DeAdmin role. Do not remove the user or group assigned to the DeAdmin role. Only users and groups assigned to this role can administer servers and users.
- To create users, you must have permission at the WebSphere Application Server level.
Important: You cannot create a new user using the Process Admin Console if a user was created in the past with the same user name. Once a user has been created using the Process Admin Console, it is kept in the BPM system. Even if the user is subsequently deleted, the user entry is not removed from the BPM DB and the internal authorization system.
Make sure that administrative security is enabled. For more information, see Configuring administrative and application security.

About this task

During installation and profile creation on a deployment environment server, a file-based federated user repository is configured as the active user registry. You can change the default user repository by using the administrative console, or in the case of the Tivoli® Access Manager, by configuring the repository with the wsadmin command.

Restriction: Specify unique user IDs for every user in the following groups:

WebSphere Application Server Virtual Member Manager (VMM) user repository security groups
Lightweight Directory Access Protocol (LDAP) user repository security groups
Internal IBM Business Process Manager custom user registries

Procedure

The procedure for creating and configuring user accounts in a network deployment environment varies according to the type of user registry that is implemented, and whether your deployment uses an external security provider.

Use the appropriate method to manage user authentication. For example, to configure Microsoft Active Directory to perform user authentication see Using Microsoft Active Directory for authentication in the WebSphere Application Server Information Center. To add users to the Lightweight Directory Access Protocol user registry, see Adding users to the Lightweight Directory Access Protocol user registry in the WebSphere Application Server Information Center.
To configure a user ID for specific access privileges on a Windows system, see Configuring a user ID for proper privileges for local operating system registries in the WebSphere Application Server Information Center.
To assign users to specific security roles for application security, see Assigning users and groups to roles in the WebSphere Application Server Information Center.
To assign users and groups to administrative roles so that the users can perform administrative functions, see Authorizing access to administrative roles in the WebSphere Application Server Information Center.
To assign users to internal groups to access the administrative console, Process Center, and Process Portal applications, see Default users and groups.