Categories of user
The following categories of user exist:
- Application developers
- These users do not need to run mqsi commands, but must be placed in an
access control list (ACL) before they can use an integration node. Put these users only in the
user list for publishing IBM® Integration Toolkit.
- Administrators
- If you use Citrix to publish the IBM Integration Toolkit and the IBM Integration Bus command console, put all
administrators in the users lists for both applications. For information
about the permissions that administrators need, see Security requirements for administrative tasks.
You can create Windows groups that correspond
to the application developer and administrator categories, put the groups in the
appropriate user lists, then allocate users to the relevant Windows group. Alternatively, you can give
appropriate permissions directly to the user.
Make all users members of the
Remote Desktop Users group, so that they can use Terminal Server.
Attention: Users who have
access to the IBM Integration Bus command
console through Citrix can
use the console to run other commands that are unrelated to
the integration node.
For information about the rights of groups such as mqm, mqbrkrs, and Administrators, see
Security requirements for Windows systems.
Concurrent multi-users
Allowing multiple
concurrent users to access
IBM Integration Bus by
Citrix on a
Windows server requires the same
planning as allowing multiple concurrent users to access the
IBM Integration Bus on a
Linux or
UNIX server. For example:
- All application developers should have their own integration server,
so that they can deploy message flows and start and stop integration
servers without conflicting with each other during development and
testing. However, an exection group might be administered by more
than one administrator. In these cases, administrators should coordinate
their activities so that they do not conflict with each other. For
example, when one administrator is starting an integration server, no
one else should be trying to stop it.
- All users should have their own workspace. The Windows system administrator should
give each user the appropriate read and write permissions for the
directory that corresponds to their workspace.