Security and User IDs for WebFOCUS and ReportCaster

Topics:

This section provides a brief overview of default WebFOCUS security and authentication issues. These defaults can be changed using security exits and other features. In addition, your enterprise may require additional security and authentication for the web server, mail server, data sources, or other third-party components. For a complete discussion of WebFOCUS security, see the WebFOCUS Security and Administration manual.

By default, WebFOCUS uses two completely independent user ID types, although it is possible to synchronize them:

Managed Reporting and ReportCaster IDs

A user has the same ID for Managed Reporting and ReportCaster. This ID determines which features, reports, and data are accessible through these products. By default, these IDs are created and maintained by a WebFOCUS administrator using the WebFOCUS Security Center.

When WebFOCUS is first installed, the default WebFOCUS administrator ID and password are both admin. After completely installing WebFOCUS and ReportCaster, an administrator should sign in as admin, update the password for the admin account, and create accounts for other users.

For information on integration with basic web server authentication or WebFOCUS Reporting Server security, see the WebFOCUS Security and Administration manual.

WebFOCUS Reporting Server Security Providers

Necessary IDs for the WebFOCUS Reporting Server depend on which security provider the server uses. Each time you start the WebFOCUS Reporting Server, you can specify a security provider that determines how authentication occurs when running reports and accessing the Web Console. The Web Console is a web-based tool for configuring and administering the WebFOCUS Reporting Server.

For more information, see the Server Installation manual.

You can run the server with:

  • Security ON
  • Security OFF

The following are the most common security providers, which are set through the Web Console:

  • OPSYS. Authentication is performed by the operating system of the WebFOCUS Reporting Server machine. Users are authenticated when running reports and when accessing the Web Console to configure the server.
  • PTH. Authentication is internal. User IDs and encrypted passwords are stored in a file created by the server:
    drive:\ibi\profiles\admin.cfg

    Users are authenticated only when accessing the Web Console to configure the server. Authentication is not required to run reports.

Security providers DBMS and LDAP are other options. For more information, see the Server Administration manual.

WebFOCUS Reporting Server User IDs

Regardless of security provider, there is a distinction between WebFOCUS Client execution IDs and server administrator IDs.

  • Execution IDs are user IDs needed to run reports or applications. With security OFF or ON with provider PTH, no authentication is needed for these tasks. With security provider OPSYS, the authentication is performed by the operating system of the WebFOCUS Reporting Server machine. Since authentication is performed by the operating system, these IDs are not created, stored, or maintained through WebFOCUS.

    With security provider OPSYS, when you run a report in a WebFOCUS application, the WebFOCUS Client must pass an execution ID to the server. End users can be prompted to provide this execution ID, or the WebFOCUS Client can automatically send a predetermined execution ID. For more information on configuring how the WebFOCUS Client provides execution IDs to the server, see WebFOCUS Client Post-Installation Tasks.

  • Server administrator IDs are user IDs needed to start the server and access the Web Console. During the server installation, you are prompted for a PTH user ID and password to administer the server. After installation, you can change and add security providers and administrators through the Web Console. The server stores administrator IDs and encrypted passwords in:
    drive:\ibi\profiles\admin.cfg

    These server administrator user IDs and passwords are needed for the following:

    • Web Console Authentication. With security providers OPSYS and PTH, only user IDs stored in the admin.cfg file can sign in to the Web Console as administrators. With security provider OPSYS, passwords are authenticated through the operating system. For security provider PTH, the server uses the passwords stored in the admin.cfg file.
    • Starting the Server. With all security providers, only user IDs stored in the admin.cfg file have the authority to start the server. To start the server, a server administrator ID stored in admin.cfg must have the same name as an operating system user ID with full file permissions to the server directories.

      To run with security provider OPSYS on Windows, both the user ID and password stored in admin.cfg must match the Windows user ID and password of the user starting the server. If your operating system password changes or you did not provide the correct password during installation, you must update the password stored by the server through the Web Console. The user ID and password stored by the server in admin.cfg must be kept in sync with the operating system (or domain).

Note: To access data sources needed for reports, the type of authentication is determined by how you configure the adapter for the data source, as explained in the Server Administration manual.

WebFOCUS

Feedback