Security Consideration for Resources
The following table describes the various security considerations for resources (file, network, database) used in any integration. The recommended strategy columns refers to the user under which IMan is set to run using the IMan Permissions Function.
|
Resource |
Security Implication |
Recommended Strategy |
|---|---|---|
|
Applications Using Windows/Active Directory Authentication |
IMan requires sufficient access to any application which implements a windows security based authentication e.g. a LAN/WAN based webservice |
Create or configure a local or domain user (depending on location of application to IMan) with sufficient access to the application. |
|
Connectors Needing File Resources (Sage300, Sage50) |
Connectors such as Sage300, Sage50 have file resources which need to be accessible by IMan in order to connect/integrate with. |
See ‘File Resources’ above. |
|
Connectors Using Window Authentication (Sage200) |
Any connector such as Sage200 using windows authentication must be able to authenticate with a windows user with sufficient rights. |
See ‘Applications Using Windows/Active Directory Authentication’ |
|
Databases |
Databases authenticated with using windows credentials e.g. SQL accessed via Integrated Security will need to allow relevant access. |
Create local or domain user (depending on location of database to IMan) with sufficient access to the database. |
|
File Resources |
Integrations with a file based component require sufficient rights to read or write to that location. |
If the files are located locally, by default the Local System will have access to the file. When permissions have been set explicitly either allow access to ‘Local System’ or create a user (local or domain) with read & write rights to the required locations.
If the files are located on a remote server create a domain user with read & write rights to the required locations. |
|
Proxies & Internet Based Resources |
Support for internet based resources (FTP, Email and Web Services) requiring proxy authentication is limited.
To access these resources the proxy must support transparent authentication. For example Microsoft Internet Security and Acceleration Server support domain user based authentication. |
Configure the proxy to allow direct internet access from the server or for proxies supporting transparent authentication. |