Process Platform User Privileges

This topic describes various permissions for Process Platform users.

Process Platform user is a special OS user created on the machine during installation. All the Process Platform services are running  with Process Platform user context. This prevents security hacks and grants lesser privilege, so as to avoid services from disturbing the system environment. Process Platform, by default runs under its own local user context (For example :DefaultInst). A typical user name would be InstanceName( Optionally _<<number>> will be added if there exists multiple users of same name, ex: DefaultUser_1).

Permissions to access different components by a Process Platform user are given below:

Component	Permissions
Message Queues	If you use Process Platform along with (IBM Websphere MQ/MSMQ) Messaging and (IIS / Apache) web server on Windows OS, then ensure that the IIS Service user (iwam_<machinename>)/ Apache service user (depending on configuration) and the Process Platform service user (ex: DefaultUser)) are added to theIBM WebSphereMQ (mqm) user group or the MSMQ queue ACLs. If you use Process Platform along with IBM Websphere MQ and Apache on RHEL4, then ensure that the Apache service user (nobody) and Process Platform service user (ex: DefaultUser) are added to theIBM WebSphereMQ (mqm) user group.
Database components	Process Platform user must have permissions on any relevant folders that are outside Process Platform installation directory. e.g. Oracle Installation Folder. If Windows authentication is enabled on MS SQL Server, Process Platform user must be added as user in the MS SQL Server.