Altova FlowForce Server 2024 Advanced Edition

This topic explains how to create and import users and reset the root password. This topic also provides information about default users, domains and domain trusts.

 

Default users

The following special users are predefined in FlowForce Server.

 

user root

This user is the initial, top-level FlowForce Server administrator. By default, it has all permissions and privileges available in the system.

user anonymous

This is a special user account for users that do not explicitly log in. Anonymous access to the FlowForce Server Administration Interface is not possible, but you can enable anonymous access for certain services exposed as Web services (see Exposing Jobs as Web Services).

 
The built-in users cannot be deleted, although it is possible to change their privileges.

 

Note:The root user can change any privileges and permissions, including own permissions and privileges. Take extra caution when logged in as userroot and editing root privileges, since you may unintentionally lose your own access to the system. In the event that this happens, see Resetting the Root Password.

 

To get a global view of all currently assigned privileges, use privilege reports.

 

In addition to creating FlowForce Server users, you can import domain user accounts and roles from Windows Active Directory or an LDAP Directory Service provider. When the Allow any domain users to log in setting is enabled in the Directory Service settings, users from configured domains are able to log on to FlowForce Server even if you have not explicitly imported their accounts into the FlowForce Server database. To ensure that domain users log on to FlowForce Server only if their account has been explicitly imported by an administrator, clear the Allow any domain users to log in check box and import the domain users, as shown below.

 

Note:The local machine accounts are not part of Active Directory. Therefore, they cannot be imported into FlowForce Server.

 

Create users

A user is a person who logs on to FlowForce Server to create and monitor jobs, deploy MapForce mappings and StyleVision transformations, and configure various settings. The scope of actions available to users in FlowForce Server depends on the following:

 

The permissions and privileges assigned to the users

The permissions and privileges assigned to the roles that the users are members of

 

To add a FlowForce Server user:

 

1.Click Administration, and then click Users.

2.Click Create User.

3.Fill in the required fields.

 

User name

Enter the name of the user. The following restrictions apply:

It must not be empty

It must not begin with or end with spaces

The allowed characters are letters, digits, underscore ( _ ), dash ( - ), and full stop ( . )

Password

Enter the user's password.

Re-type password

Re-type the user's password.

Change password on next login

If you select this check box, the user will be prompted to change password on next login.

 

4.Optionally, grant the required privileges to the user. Note that you can grant privileges to users either directly from this page, or by assigning to them a role which already has some privileges. To simplify user maintenance, it is recommended to use the latter approach (see Create Roles below and Assign Roles to Users).

5.Click Save.

 

To rename a user:

 

1.Click Administration, and then click Users.

2.Click the user record you want to edit.

3.Enter the new name in the User name text box, and then click Save.

 

Notes:

When a user name is changed, the currently assigned user password remains unchanged.

If you are changing your own name (provided that you have this privilege), the changed name becomes effective as soon as you click Save, and is visible in the top right area of the page.

 

Reset root password

In the event that you forgot or lost the password of the userroot user account, you can reset it to the default value from the command line interface (see the command resetpassword ).

 

To perform root password reset, it is assumed that you have access to the operating system where FlowForce is running, including FlowForce binaries and data files. This is the same kind of access required when installing FlowForce or when migrating to a new FlowForce version or server manually.

 

When you perform a password reset, the privileges of the userroot user will also be restored to the default value (that is, all the privileges will be granted).

 

Performing a root password reset does not affect any FlowForce users except the userroot user.

 

Import domain users

To import domain user accounts into FlowForce Server, take the following steps:

 

1.Open the Settings tab of the Administration page, select the Enable check box in the Directory Services section, and configure your preferred Directory Service provider, as described in Changing the Directory Service Settings.

2.Open the Users tab on the Administration page.

3.Click Import Domain Users, which opens the Import Domain Users dialog shown below.

ff_import_domain_users_zoom70

4.If applicable, select the domain of choice from the Context drop-down list.

5.In the Search for text box, start typing the name of the user account you want to import. Partial searches are valid: For example, if you enter a value such as ad, the accounts Administrators, Admanager, and Admin are retrieved from the LDAP server or Active Directory and shown in the webpage dialog. In the case of Active Directory, FlowForce Server uses the Ambiguous Name Resolution (ANR) search algorithm that allows you to specify complex search conditions in a single clause. For example, you can retrieve the account of a person named Jim Smith by typing ji sm. See the Microsoft documentation for further information about Ambiguous Name Resolution in Active Directory.

6.Select the records that you you want to import and click Import Selected. Waiting time increases if the domain is not local.

 

Domains and domain trusts

You can see the list of available domains on the login page and in the following sections of the Administration page: (i) in the dialog box Import Domain Users in the Users tab, (ii) in the dialog box Import Domain Roles in the Roles tab, and (iii) in the Settings tab. Currently, only the following domains are visible in FlowForce Server: the domain with the machine on which FlowForce Server is installed and any domains from the same forest to which this machine belongs. However, other trusted domains connected via the external, forest, realm and shortcut trusts are not supported and cannot be seen in the list of available domains in FlowForce Server.

 

Note:To run a job, you can use any user credentials accepted by Windows. In this case, Windows will take care of the external trusts.

 

© 2018-2024 Altova GmbH