Create the MID Server user and grant the role

Create the MID Server user ID and grant this user the role it needs to communicate with the instance.

Before you begin

Role required: admin

About this task

The MID Server connects to an instance by using the SOAP web service. To allow authentication with the instance, create a separate user account for each MID Server or share the same account across multiple MID Servers. Grant each MID Server user the mid_server role, which is required for the MID Server user on any instance on which basic authentication is enabled. The mid_server role allows the MID Server to access protected tables when strict SOAP security is in place. The system adds the necessary SOAP roles automatically with this role.
Note: The strict SOAP security feature, enabled by default for any instance that uses basic authentication, protects all tables with Access Control Lists (ACL).

Procedure

  1. From the instance, navigate to User Administration > Users.
  2. Click New.
  3. Complete the fields in the form.
    Field | Description
    User ID | User name for the MID Server user. This name is specified in the mid.instance.username parameter of the configuration file that the MID Server installer creates. For details, see MID Server parameters.
    First name | The user's first name.
    Last name | The user's last name.
    Password | Password for the MID Server user. This password is specified in the mid.instance.password parameter of the configuration file that the MID Server installer creates.
  4. Right-click the header and select Save.
  5. Under the Roles related list, click Edit.
  6. Select the mid_server role for this user.
    Each MID Server account must have this role to access protected tables.
    Important: The mid_server and security_admin roles are incompatible and cannot be assigned to the same user. For information on how the instance checks role assignments, see MID Server role validation.
  7. Click Save.
  8. Confirm that the MID Server account was created successfully and the account has connectivity to the instance.
    1. On the host machine where you intend to install the MID Server, open a browser and navigate to the instance.
    2. Use your new MID Server user credentials to log in.
      If the login is successful, then any MID Servers you install on that host will be able to connect to the instance.

MID Server role validation

Real-time system validation of MID Server role assignments prevents incompatible settings.

To prevent MID Server validation failure and ensure that your MID Server is configured correctly, the system runs several business rules that monitor the roles and settings you select for your MID Server user. The instance displays a warning and blocks the change when you attempt to save an incompatible configuration.

Elevated privileges not permitted

The mid_server role cannot be configured for elevated privileges. The Invalid MID Server settings business rule runs on the Role [sys_user_role] table and prevents the elevated_privileges field from being set to true for the mid_server role.
Figure 1. Warning for elevated privileges on the mid_server role

Relationship table protection

The User Role [sys_user_has_role] table creates the relationship between the [sys_user] and the [sys_user_role] tables.

  • Incompatible role
    The mid_server and security_admin roles are incompatible and cannot be assigned to the same user. The system determines the user's current role and runs the Security Admin incompatible with MID business rule on the User Role [sys_user_has_role] table. This rule prevents an administrator from adding the security_admin role for a user who currently has the mid_server role.
    Figure 2. Warnings for incompatible security_admin role assignment
  • Incompatible user role and user record settings
    The Incompatible MID Server user role business rule runs on the User Role [sys_user_has_role] table to protect its data from incompatible configurations. Validation for this related table ensures that an administrator cannot assign the mid_server role to a user who:
    • Already holds the security_admin role.
    • Has the web_service_access_only field set to true.
    • Has the internal_integration_user field set to true.
    Figure 3. Warnings for incompatible settings on the user record

Incompatible user record settings

Certain settings in the user record are not permitted with the mid_server role. The User settings incompatible with MID business rule runs on the User [sys_user] table to monitor the settings of the web_service_access_only and internal_integration_user check boxes. If the user has the mid_server role, this rule prevents either of these fields from being set to true.
Figure 4. Incompatible MID Server settings
Note: If you upgrade from a previous release with incompatible MID Server roles and settings, the system displays the appropriate warning messages when any change is made to the tables monitored by these business rules. If the change is unrelated to any role and settings validation, the system permits the updates and simply warns you of the existing incompatibilities. If the changes violate any compatibility rules in the Jakarta release, the business rules enforce the restrictions appropriately.
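
Added example (not part of the original documentation and not ServiceNow code): because incompatibilities carried over from an upgrade only surface as warnings when a monitored table is changed, an administrator can check exported rows offline against the rules above. The function name, the flat record shapes, and the sample rows are assumptions made for illustration; the role and field names are the ones given on this page.

```javascript
// Added example: record shapes are assumptions, not a ServiceNow export format.
const MID_ROLE = 'mid_server';
const BLOCKED_ROLE = 'security_admin';
const BLOCKED_USER_FLAGS = ['web_service_access_only', 'internal_integration_user'];

// Exports often carry booleans as the strings "true"/"false".
const isTrue = (v) => v === true || String(v).toLowerCase() === 'true';

function auditMidServerAccounts(users, roles, userHasRole) {
  const findings = [];
  // The mid_server role itself must not be set for elevated privileges.
  for (const role of roles) {
    if (role.name === MID_ROLE && isTrue(role.elevated_privileges)) {
      findings.push({ subject: MID_ROLE, issue: 'elevated_privileges is true' });
    }
  }
  // Map each user to the set of role names from the relationship rows.
  const rolesByUser = new Map();
  for (const row of userHasRole) {
    if (!rolesByUser.has(row.user)) rolesByUser.set(row.user, new Set());
    rolesByUser.get(row.user).add(row.role);
  }
  for (const user of users) {
    const held = rolesByUser.get(user.user_name) || new Set();
    if (!held.has(MID_ROLE)) continue; // rules only apply to MID Server users
    if (held.has(BLOCKED_ROLE)) {
      findings.push({ subject: user.user_name, issue: `also holds ${BLOCKED_ROLE}` });
    }
    for (const flag of BLOCKED_USER_FLAGS) {
      if (isTrue(user[flag])) {
        findings.push({ subject: user.user_name, issue: `${flag} is true` });
      }
    }
  }
  return findings;
}

// Constructed sample rows, as if carried over from before an upgrade.
const sampleUsers = [
  { user_name: 'mid.ok', web_service_access_only: 'false', internal_integration_user: 'false' },
  { user_name: 'mid.legacy', web_service_access_only: 'true', internal_integration_user: 'false' },
  { user_name: 'sec.admin', web_service_access_only: 'false', internal_integration_user: 'true' },
];
const sampleRoles = [{ name: 'mid_server', elevated_privileges: 'false' }];
const sampleUserHasRole = [
  { user: 'mid.ok', role: 'mid_server' }, { user: 'mid.legacy', role: 'mid_server' },
  { user: 'mid.legacy', role: 'security_admin' }, { user: 'sec.admin', role: 'security_admin' },
];
console.log(auditMidServerAccounts(sampleUsers, sampleRoles, sampleUserHasRole));
```

Each finding names the account or role and the rule it breaks, so the list can be worked through before the next change to a monitored table triggers the instance's own warnings.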