Configuring Users and Permissions
Users, their passwords, and Permissions can be edited within 1Integrate.
Note: Access to the different sections of 1Integrate is controlled by a series of Permissions. Changing these permissions is achieved by altering the Roles in your chosen Application Server (WebLogic or WildFly)
Warning: By default, 1Integrate is deployed with example users and passwords included. This enables a quick set-up process, but for security reasons it is HIGHLY RECOMMENDED that:
-
As a minimum, on installation, change all passwords from the default to unique values.
-
Change the user names to ones relevant to your organisation.
-
Do not store users and passwords in plain text
For stronger security and management, consider using other authentication mechanisms such as using your organisation's Lightweight Directory Access Protocol (LDAP) Service e.g. Microsoft Active Directory. This ensures that passwords and usernames are not stored in the application server but managed, as normal, by an IT department.
Permissions
Each user is assigned one or more Permission. These permissions determine a user's privileges and the areas of the functionality to which they have access.
When configuring Permissions in the application server they will be interchangeably known as "Roles", but the two terms are interchangeable.
Permission |
Description |
---|---|
|
Grants the ability to read Data Store objects and folders at the endpoint. |
|
Grants the ability to write Data Store objects and folders at the endpoint.. |
|
Grants the ability to read Rule objects and folders at the endpoint.. |
|
Grants the ability to write Data Rule objects and folders at the endpoint.. |
|
Grants the ability to read Action objects and folders at the endpoint. |
|
Grants the ability to write Action objects and folders at the endpoint. |
|
Grants the ability to read Action Map object and folders at the endpoint. |
|
Grants the ability to write Action Map objects and folders at the endpoint. |
|
Grants the ability to read Session objects and folders at the endpoint. |
|
Grants the ability to write and edit the Session objects and edit folders. |
|
Grants the ability to control a session with the "Play", "Pause", "Rewind" and "Stop" functions. |
|
Grants the ability to access all Session results, including both Task and Session results i.e. Validation errors. |
|
Grants the ability to view the engine grid. |
|
Grants the ability to edit the engine grid. |
|
Grants the ability to manage the API Key functionality in the Dashboard section. |
|
Grants the ability to manage and configure Access Groups. |
|
Grants the ability to access the Repository Administration functions and to see the Environment and System Properties. |
Group Permissions
There are two sets of group permissions available that can be used to quickly assign a common set of permissions to a user.
Group Permission |
Description |
---|---|
|
The User is designed to be applied to standard users, this role includes:
|
|
The Admin to includes all permissions and is designed for those that will be performing administrative functions. Includes all the permissions of 1int-user with the addition of:
|
Default Users
The following users are created by default upon installation:
Username |
Password |
Assigned permissions |
---|---|---|
INTFull |
integrate1 |
This default User has the 1int-admin Group Permission applied. |
INTAdmin |
integrate101 |
This default User has the 1int-admin Group Permission applied. |
INTUser |
integrate102 |
This default User has the 1int-user Group Permission applied. |
Note: You will need to restart 1Integrate for any changes to user and permissions to take effect.
WebLogic Users
1Integrate Users and the Permissions they are assigned should be configured using the WebLogic Server Administrator Console.
Unlike the default Users that are created, the Permission names (known as roles in WebLogic) set up by installer must not be altered.
Note: The default setup assigns the default users to some of the default Permissions (known as roles in WebLogic), allowing you to log in and start using 1Integrate without having to change any of the security configuration. If you wish to customise the users, then WebLogic role assignment can be altered.
WildFly Users
To configure Users and Permissions, navigate to the \wildfly-[version]\SETTINGS
folder. This folder contains the following files:
-
users.properties contains a list of usernames and passwords, in the form
username=password
.
Note: All users listed in the previous table are included as default.
-
roles.properties contains a mapping from user names to 1Integrate permissions in the form
username=permission1,permission2,permission3
LDAP
For stronger security and management, Consider using other authentication and authorisation mechanisms such as your organisation's Lightweight Directory Access Protocol (LDAP) Service e.g. Microsoft Active Directory. This ensures that passwords and usernames are not stored in the application server but managed, as normal, by an IT department.
Authenticate using LDAP (WebLogic)
For information on configuring WebLogic in this way, please refer to the Oracle documentation:
Authenticate using LDAP (WildFly)
The default WildFly configuration of storing passwords as plain text is not recommended for production use. To configure 1Integrate to use your organisation's LDAP service in WildFly, perform the following configuration: