MID Server role validation

Real-time system validation of MID Server role assignments prevents incompatible settings.

To prevent MID Server validation failure and ensure that your MID Server is configured correctly, the system runs several business rules that monitor the roles and settings you select for your MID Server user. The instance displays a warning and blocks the change when you attempt to save an incompatible configuration.

Elevated privileges not permitted

The mid_server role cannot be configured for elevated privileges. The Invalid MID Server settings business rule runs on the Role [sys_user_role] table and prevents the elevated_privileges field from being set to true for the mid_server role.
Figure 1. Warning for elevated privileges on the mid_server role

Relationship table protection

The User Role [sys_user_has_role] table creates the relationship between the [sys_user] and the [sys_user_role] tables.

  • Incompatible role
    The mid_server and security_admin roles are incompatible and cannot be assigned to the same user. The system determines the user's current role and runs the Security Admin incompatible with MID business rule on the User Role [sys_user_has_role] table. This rule prevents an administrator from adding the security_admin role for a user who currently has the mid_server role.
    Figure 2. Warnings for incompatible security_admin role assignment
    Warnings for incompatible security_admin role assignment
  • Incompatible user role and user record settings
    The Incompatible MID Server user role business rule runs on the User Role [sys_user_has_role] table to protect its data from incompatible configurations. Validation for this related table ensures that an administrator cannot assign the mid_server role to a user who:
    • Already holds the security_admin role.
    • Has the web_service_access_only field set to true.
    • Has the internal_integration_user field set to true.
    Figure 3. Warnings for incompatible settings on the user record
    Warnings for incompatible settings on the user record

Incompatible user record settings

Certain settings in the user record are not permitted with the mid_server role. The User settings incompatible with MID business rule runs on the User [sys_user] table to monitor the settings of the web_service_access_only and internal_integration_user check boxes. If the user has the mid_server role, this rule prevents either of these fields from being set to true.
Figure 4. Incompatible MID Server settings
Incompatible MID Server settings
Note: If you upgrade from a previous release with incompatible MID Server roles and settings, the system displays the appropriate warning messages when any change is made to the tables monitored by these business rules. If the change is unrelated to any role and settings validation, the system permits the updates and simply warns you of the existing incompatibilities. If the changes violate any compatibility rules in the Jakarta release, the business rules enforce the restrictions appropriately.