In this article:

Creating Service User Credentials

Repository Manager

Setting Up DBMS Connection

Setting Up Service User Parameters

PP.Util.exe

Saving Created Service User Credentials

PP.Util.exe

Exporting Service User Credentials

Creating a Service User

A service user of security subsystem ensures:

NOTE. Creating a service user is required only for a repository created based on the following DBMS: PostgreSQL, Oracle, or Microsoft SQL Server.

To create a service user of security subsystem in Windows OS:

  1. Create service user credentials on the database server.

IMPORTANT. Database server supports only a single service user account. If database server contains several repositories, create a service user with equal credentials for each repository.

  1. Save the created service user credentials on each user computer if you plan to use the desktop and the web applications at the same time. If you plan to use only the web application, save service user credentials on the computer with installed BI server.

When working in the desktop application, the users work directly with the DBMS. When working with the web application, the users work with the DBMS via BI server.

After executing the operations, a service user of security subsystem will be created on the database server and saved according to the selected method on each user computer or on the computer with installed BI server.

TIP. It is recommended to disable the mandatory periodic password change policy for an account of service user of security subsystem in DBMS.

To change the service user password, use the security manager.

Creating Service User Credentials

To create service user credentials on a database server, use the repository manager or the PP.Util.exe utility.

Repository Manager

To create service user credentials:

  1. Start the repository manager as the administrator.

  2. Set up DBMS connection.

  3. Set up service user parameters.

Setting Up DBMS Connection

To set up DBMS connection:

  1. Select the Create Service User of Security Subsystem item in the repository manager dialog box and click the Continue button.

After executing the operations the DBMS Connection dialog box opens:

NOTE. The number of available parameters depends on the selected DBMS.

  1. Set DBMS connection parameters:

  1. Click the Check Connection button to check correctness of entered data. An appropriate message is displayed if connection is successful or failed. An appropriate message is also displayed if the file group specified in advanced settings is not found on checking the connection.

After executing the operations, the connection is set up to the DBMS, on which the repository is based.

To create service user credentials, click the Next button.

Setting Up Service User Parameters

Set up service user parameters:

  1. Go to the Create Service User page:

  1. Set parameters of service user credentials:

NOTE. The P4AUDIT service user name is reserved by the system and cannot be used.

  1. Select a method for saving credentials:

NOTE. Credentials are saved to the local computer registry by the administrator having administrator permissions.

NOTE. The ProgramData folder is hidden in the operating system by default.

The file is available only for the current computer user. If the file exists in the specified folder, it will be overwritten. If there is not such a file, it will be created.

  1. Click the Finish button.

After executing the operations, server user credentials are created on the database server and saved according to the selected method on the current user computer. If service user credentials are not created on a database server and the administrator/user does not have a privilege to create DBMS users, the database authorization dialog box opens.

NOTE. If work is executed with a server based on Oracle DBMS, specify credentials of the Sys user in the dialog box and select the SYSDBA mode in server connection parameters.

PP.Util.exe

To create service user credentials, start the PP.Util.exe application located in the folder with installed Foresight Analytics Platform with the following parameters:

PP.Util.exe /create_audit_user metabase_id login password audit_login audit_password db_login db_password

Where:

NOTE. The repository with the specified identifier should be in the repositories list. If a custom schema is specified in repository connection settings, service user credentials will be created for it.

NOTE. The P4AUDIT service user name is reserved by the system and cannot be used.

After executing the operations, service user credentials are created on the database server.

Saving Created Service User Credentials

To save created service user credentials on each user computer or on the computer with installed BI server, use the PP.Util.exe utility or export registry data to a reg file from the computer, on which the service user is created. Registry data can be exported if one of the options for saving credentials was selected on creating a service user: Only for Me or For Anyone Who Uses This Computer. If the To the settings.xml File method for saving credentials was selected on creating a service user, copy the settings.xml generated file to each user computer or the computer with installed BI server.

The search priority of saved service user credentials:

  1. settings.xml.

  2. The [HKEY_CURRENT_USER] key.

  3. The [HKEY_LOCAL_MACHINE] key.

PP.Util.exe

To save created service user credentials, start the PP.Util.exe application located in the folder with installed Foresight Analytics Platform with the following parameters:

PP.Util.exe /save_audit_creds /ALG enc_alg /SCOPE scope realm|/DC login password

Where:

IMPORTANT. To ensure security during production operation of Foresight Analytics Platform, use the gos or pro value.

Optional parameter. If the parameter is not set, the default value is used.

In Windows OS, credentials will be stored in the settings.xml file located at %PROGRAMDATA%\Foresight\Foresight Analytics Platform.

NOTE. The ProgramData folder is hidden in the operating system by default.

If the file exists in the specified folders, it will be overwritten. If there is not such a file, it will be created.

Optional parameter, it is used only in Windows OS. If the parameter is not set, the default value is used.

In Linux OS, credentials can be stored only in the settings.xml file located at: /opt/foresight/fp10.x-biserver/etc.

NOTE. When setting up repository connection on each client computer or on the computer with installed BI server, IP address or server alias must match with the server specified in the SERVER_DATABASE parameter.

For example: "127.0.0.1|POSTGRES".

NOTE. To avoid syntax errors, enclose the value in quotation marks.

Mandatory parameter.

After executing the operations the service user credentials will be saved on each user computer or on the computer with installed BI server.

IMPORTANT. The service user can be locked on an attempt to log in to the repository if his credentials added using the PP.Util.exe utility mismatch the source credentials specified on creating the user. To unlock the service user, contact DBMS administrator.

Exporting Service User Credentials

To save created service user credentials, export the system registry key from the computer, on which service user credentials were created, in encrypted form:

Next, import the output reg file to the registry of each user computer or the computer with installed BI server.

See also:

Creating and Managing Metadata Repositories | Windows Repository Manager