Security setup

Setting up a secure environment in IBM® InfoSphere® Information Server involves configuring the user registry, creating users, and assigning security roles to those users.

In InfoSphere Information Server, to set up a secure environment you complete the following tasks:

  1. Choose a user registry and configure it for InfoSphere Information Server.

    A user registry contains valid user names and passwords. To log in to InfoSphere Information Server, a user must have a user name and password in the user registry. The installation program configures InfoSphere Information Server to use its internal user registry. As part of security setup, you can configure InfoSphere Information Server to use an external user registry such as a local operating system user registry or lightweight directory access protocol (LDAP) user registry.

  2. Create users and groups.

    Create users and groups in the user registry. If InfoSphere Information Server is configured to use the internal user registry, create users and groups by using the InfoSphere Information Server console or the InfoSphere Information Server Web console. If InfoSphere Information Server is configured to use an external user registry, use standard operating system utilities or user registry utilities to create users and groups.

  3. Assign security roles to users and groups.

    To configure which suite components a user or a group has access to and what level of access that user or group has in the suite component, assign security roles to the user or group.

  4. Configure InfoSphere Information Server engine security.

    The InfoSphere Information Server engine performs user authentication separately from other InfoSphere Information Server components. Depending on your user registry configuration, you might have to map credentials between the InfoSphere Information Server user registry and the local operating system user registry on the computer where the engine is installed.

  5. Assign project roles to users.

    Some suite components require that you assign project-specific roles to users.

Optionally, you can also complete the following setup tasks:

  • Configure alternate security modes.

    You can configure WebSphere Application Server to work with various security standards, which are typically used to meet security requirements required by the US government.

  • Manage certificates.

    The installation program creates a certificate for you. You can change the certificate, such as if you want to certify it with a certificate authority or update the certificate when it expires. After you change a certificate, you run the UpdateSignerCerts.sh command to permanently accept the certificate to prevent other command line tools to prompt to accept the certificate.

  • Configure IBM WebSphere Application Server for non-root administration.

    By default, WebSphere Application Server runs as root. However, it can also be run by using a non-root user ID. You can configure and set appropriate file system permissions for WebSphere Application Server to run as a non-root user ID.

  • Configure InfoSphere Information Server agents for non-root administration.

    By default, the InfoSphere Information Server agents (such as the ASB agent) run as root. However, they can also be run by using a non-root user ID. You can configure and set appropriate file system permissions for the agents to run as a non-root user ID.

  • Configure the Auditing service.

    The Auditing service creates an audit trail of security-related events. The trail includes all activities that set or modify security-related settings and all user authentications and application logins. You can configure which audit events to log and how much information to include based on your auditing requirements.