Configuring Users and Roles
Users and Roles can be edited within 1Integrate.
Note: You will need to restart 1Integrate for any changes to user and roles to take effect.
By default, 1Integrate is deployed with example users and passwords included. This enables a quick set-up process, but for security reasons it is HIGHLY RECOMMENDED that:
- As a minimum, on installation, change all passwords from the default to unique values.
- change the user names to ones relevant to your organisation.
For stronger security and management, consider using other authentication mechanisms such as using your organisation's Lightweight Directory Access Protocol (LDAP) Service e.g. Microsoft Active Directory. This ensures that passwords and usernames are not stored in the application server but managed, as normal, by an IT department.
Roles
The following roles are available in 1Integrate:
Role | Description |
---|---|
rs_admins |
The administrator can set up system parameters and has all the privileges of the other roles. These include creating and modifying:
The administrator can also define sessions and upload files. |
rs_data_engineers |
A data engineer can:
|
rs_data_loaders | A data loader can upload files into 1Integrate on the Data Stores page only. |
rs_data_quality_stewards | A data quality steward can define and run sessions only. |
rs_monitors | The Monitor role is for read-only access to parts of the REST API. |
rs_rule_definers |
A rule definer can create and modify:
The rule definer can also run sessions. |
rs_users | A user can only view data presented on the interface. |
rswsuser | A web service user can use the web services. |
Users
The following users are and roles are created by default upon installation:
Username | Password | Assigned roles |
---|---|---|
INTFull | integrate1 |
rs_users rswsuser rs_rule_definers rs_data_loaders rs_data_engineers rs_data_quality_stewards |
INTAdmin | integrate101 |
rs_admins rs_users rswsuser |
INTUser | integrate102 | rs_users |
INTWService | integrate103 | rswsuser |
INTRule | integrate104 | rs_rule_definers |
INTLoader | integrate105 |
rs_data_loaders |
INTEng | integrate106 | rs_data_engineers |
INTQuality | integrate107 | rs_data_quality_stewards |
INTMonitor | integrate108 | rs_monitors |
WebLogic Users
1Integrate users and roles should be configured using the WebLogic Server Administrator Console.
Role membership determines a user's access to application features.
1Integrate roles are created by default. However, unlike the default users that are created, the role names set up by installer must not be altered.
Note: The default setup assigns the default users to some of the default roles, allowing you to log in and start using 1Integrate without having to change any of the security configuration. If you wish to customise the users, then role assignment can be altered.
WildFly Users
To configure users and roles, navigate to the \wildfly-[version]\SETTINGS folder. This folder contains the following files:
-
users.properties contains a list of usernames and passwords, in the form username=password.
Note: All users listed in the table above are included as default.
-
roles.properties contains a mapping from user names to 1Integrate roles in the form username=role1,role2,role3
LDAP
For stronger security and management, Consider using other authentication and authorisation mechanisms such as your organisation's Lightweight Directory Access Protocol (LDAP) Service e.g. Microsoft Active Directory. This ensures that passwords and usernames are not stored in the application server but managed, as normal, by an IT department.
Authenticate using LDAP (WebLogic)
For information on configuring WebLogic in this way, please refer to the Oracle documentation:
Authenticate using LDAP (WildFly)
The default WildFly configuration of storing passwords as plain text is not a recommended for production use. To configure 1Integrate to use your organisation's LDAP service in WildFly, perform the following configuration: