Don't get lost: IMan Guides » Administration Guide » IMan Security Considerations

IMan Security Considerations

This section discusses the various IMan security issues and the required configuration needed for IMan to function properly. Where the non-default windows permissions are required the IMan Permissions Function to configures the necessary local permissions.

Background

Due to the distributed nature of IMan, where the IMan services perform different but sometimes similar tasks there is a strong requirement that all three services and the IIS Application Pool to which IMan is assign run under the same or very similar security contexts.

A default IMan installation will install all three IMan services to run using the LocalSystem security context, and the IMan Application Pool to run under the context it was created.

When to Alter IMan Service & IIS AppPool Security

In broad terms the security context under which IMan runs will need to be changed should IMan require access to:

  • Local File Resources where the Permissions have been explicitly set to remove access to LocalSystem and the IMan IIS Application Pool user account.
  • ANY file resource located on a remote server.
  • Applications using Windows or Active Directory based authentication.

See the following Security Consideration for Resources section for more detail.

IMan Permissions Function

Describes how to use the IMan Permission function.

Security Consideration for Resources

Describes the local and domain user considerations when using the Permissions function.

IMan Service & IIS App POOL Permissions

Describes the permissions needed by the main 4 components of IMan.

Local Machine Required Permissions

Describes the shared permissions required by different components of IMan.