Configure a DataFlux Authentication Server for Security :: DataFlux(R) Data Management Server 2.6: Administrator's Guide

Overview

Use this section to configure your DataFlux Data Management Server to use a DataFlux Authentication Server to support authorization. To use a SAS Metadata Server for this same purpose, see Configure a SAS Metadata Server for Security.

To use a DataFluxAuthentication Server, you first install, configure, and register the server. You then create users and groups on the server. When the DataFlux Authentication Server is configured, you then install and configure the DataFlux Data Management Server, develop authorizations, and connect to the DataFlux Authentication Server.

Note: All communication between the DataFlux Data Management Server and the Authentication Server is encrypted.

Prepare a DataFluxAuthentication Server

Follow these steps to prepare a DataFluxAuthentication Server to work with a DataFlux Data Management Server:

Register your new Data Management Server in DataFlux Data Management Studio, as described in Register a DataFlux Data Management Server.
Install and configure your DataFlux Authentication Server, and then create domains, users, groups, and shared logins, as described in the DataFlux Authentication Server Administrator’s Guide.
To register your DataFlux Authentication Server, open DataFlux Data Management Studio and click the Administration riser bar.
Select Authentication Server, and then select New.
In the Add Authentication Server Definition dialog box, enter server connection information. If you want to connect to this particular Authentication Server by default, each time you start Studio, click Set as default.
To create a group of administrators for the DataFlux Data Management Server, open the Group riser, click All Groups, and then click New Group.
To add one or more users to your new group of administrators, click the new group, and then click Add Members.
If you need to create a new administrative user definition, click the Users riser, and then click Add New.

CAUTION:

All of the members of your administrative group will be configured to have unrestricted access to all of the objects and commands on this particular DataFlux Data Management Server.
Click Test Connection and click OK twice to close the dialog box.

Configure the DataFlux Data Management Server to Use the DataFlux Authentication Server

After you prepare a DataFluxuthentication Server, follow these steps to configure the DataFlux Data Management Server.

Open the file install-path/etc/dmserver.cfg.
Enable security by setting dmserver/secure = yes.
Identify the name of your administrative group by setting dmserver/secure/grp_admin = your-group-name.
To prevent authorization checks, consider adding users and groups to the options dmserver/secure/grp_allow or dmserver/secure/grp_deny. For information about these options, see Manage Permissions.
Save and close dmserver.cfg.
Specify the DataFlux Authentication Server by setting base/auth_server_loc = iom://server-network-name:21030. 21030 is the default port number, as shown in this example:
```
#
# base/auth_server_loc = URL 
# Location and connection parameters for the Authentication Server.
#
# example: base/auth_server_loc = iom://authserv.mycompany.com:21030
base/auth_server_loc = iom://Orion.us.mktng.com:21030
```
Save and close dmserver.cfg, and then restart the DataFlux Data Management Server.
Open Data Management Studio, click the Administration riser bar, and then connect to the DataFlux Data Management Server that you just restarted.
In the Details pane, notice that the security status has changed to Secured. When the server is secured, the Data Connections and Security tabs are enabled.

Now that security is enabled, you grant permissions on the DataFlux Data Management Server. Note that all users and groups must be created on the DataFlux Authentication Server before they can be accessed on the DataFlux Data Management Server. To learn more, see Manage Permissions.