Permission Prerequisites

This section describes the minimum permissions required to install and run Management Framework components. For information about minimum permissions required for other Genesys components, refer to product- or component-specific documentation.

System Permissions

The following table provides the minimum permissions required to install and run Framework components.

Component               | Minimum Permissions (UNIX) | Minimum Permissions (Windows)
Configuration Server    | Users group                | Administrators group (a)
Solution Control Server | Users group                | Administrators group
Message Server          | Users group                | Administrators group
SNMP Master Agent       | Users group                | Administrators group
Local Control Agent (b) | root                       | Administrators group

  a. The user account for the running process is usually determined by the user or object that started the process. For example, if a process is started by LCA, then the process inherits its permissions from LCA.
  b. root or Administrators permission is required to install the component because, during installation, it updates the startup file and registry.

After a component is installed, you can update the component to start under a different user account with lower privileges. However, before doing so, make sure that you have updated the working directories with the correct read and write permissions.

Example

Important
Support is discontinued for Genesys Deployment Agent (GDA) in LCA release 8.5.100.31 and later.

To run LCA and Genesys Deployment Agent (GDA) as a non-root user, do one of the following, depending on your operating system:

UNIX: Create startup scripts for LCA and GDA that set up LCA and GDA to run under the non-root user. For these scripts, it is assumed that LCA is installed in /home/genesys/GCTI, and the name of the non-root user is genesys. See LCA Startup Script-gctilca and GDA Startup Script-gctigda for examples of these scripts. To install the startup scripts, put them in the directory /etc/rc.d/init.d/ and run one or both of the following commands, as required:

chkconfig --add gctilca
chkconfig --add gctigda

Windows: Change the account associated with the LCA service. One way to do this is through Windows Administrative Services, as follows:

  1. Go to Start > Settings > Control Panel > Administrative Services > Services, right-click LCA, and select Properties.
  2. Open the Log On tab and in the Log on as section, select This account, and change the account associated with the LCA service.

Database User Privileges

A database user that accesses the Configuration Database on behalf of Configuration Server, that is, the user identified in the Configuration Server configuration file, requires basic database privileges, as defined in this section.

It is assumed that the database is created under the new user and that the initialization scripts are run under that user account, unless otherwise stated.

For Oracle, after the new database user is created, grant the necessary privileges as follows:

GRANT CONNECT TO <DB user>
GRANT CREATE TABLE TO <DB user>
GRANT UNLIMITED TABLESPACE TO <DB user>
GRANT CREATE PROCEDURE TO <DB user>

For MS SQL 2000, grant the public role to the new database user on the Database Access tab of the SQL Server Login Properties dialog box for the new user. In addition, grant the following privileges:

GRANT CREATE TABLE TO <DB user>
GRANT CREATE PROCEDURE TO <DB user>

For MS SQL 2005 and later, grant the public and db_owner roles to the new database user.

For DB2, grant the necessary privileges as follows:

CONNECT TO <database>;
GRANT CREATETAB,CONNECT ON DATABASE TO USER <DB user>;
CONNECT RESET;

For PostgreSQL, grant the following privileges from pgAdmin:

  • Can create database object
  • Can create roles

Or, you can execute the following query:

CREATE ROLE <DB user> LOGIN ENCRYPTED PASSWORD <encrypted password> NOINHERIT CREATEDB CREATEROLE VALID UNTIL 'infinity';

To configure client authentication, update the pg_hba.conf file, located in the data directory under the PostgreSQL installation folder. For example:

host GCTI_Test gctitest <IP address1>/32 trust
host GCTI_Test gctitest <IP address2>/32 trust

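This enables the DB user gctitest to connect to the GCTI_Test database from the hosts <IP address1> and <IP address2>. With the trust method, PostgreSQL does not ask for a password, so the /32 host entries are the only restriction on who can connect as gctitest.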
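The following check is an added example, not part of the Genesys documentation: it scans pg_hba.conf text for trust rules and rates each by how many addresses it covers, so entries like the ones above can be reviewed before they are deployed. The function name, the WARN/HIGH levels and the sample addresses (documentation range 192.0.2.0/24) are assumptions made for the illustration.

```python
import ipaddress

RECORD_TYPES = {"local", "host", "hostssl", "hostnossl"}

def audit_pg_hba(text):
    """Return (line_no, level, database, user, scope) for each 'trust' rule.

    WARN: trust limited to one address. HIGH: trust over a wider network or
    a scope this sketch cannot size (hostname, 'all', local socket).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Simplification: assumes no quoted field contains '#' or spaces.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] not in RECORD_TYPES:
            continue
        database, user = fields[1], fields[2]
        if fields[0] == "local":
            scope, size, rest = "local socket", None, fields[3:]
        else:
            scope, size, rest = fields[3], None, fields[4:]
            try:
                if "/" in scope:
                    net = ipaddress.ip_network(scope, strict=False)
                else:
                    # Older form: address and netmask in separate columns.
                    net = ipaddress.ip_network(f"{scope}/{rest[0]}", strict=False)
                    rest = rest[1:]
                scope, size = str(net), net.num_addresses
            except (ValueError, IndexError):
                pass  # hostname or keyword such as 'all': size stays unknown
        if rest and rest[0] == "trust":
            findings.append((line_no, "WARN" if size == 1 else "HIGH",
                             database, user, scope))
    return findings

# Constructed sample: the page's two entries with documentation-range addresses
# in place of its <IP address> placeholders, plus two constructed rules.
SAMPLE = """\
# TYPE  DATABASE   USER      ADDRESS          METHOD
host    GCTI_Test  gctitest  192.0.2.10/32    trust
host    GCTI_Test  gctitest  192.0.2.11/32    trust
host    all        all       0.0.0.0/0        trust
host    GCTI_Test  gctitest  192.0.2.12 255.255.255.255 md5
"""

if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE):
        print(*finding)
```

The two single-host entries are reported as WARN because the source address is their only control; the constructed 0.0.0.0/0 rule is reported as HIGH, and the md5 rule is not reported.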

Sample Scripts

This section contains sample scripts required to run LCA and GDA on UNIX under a non-root user.

Important
Support is discontinued for Genesys Deployment Agent (GDA) in LCA release 8.5.100.31 and later.

LCA Startup Script-gctilca

The following is an example of a script to allow LCA to run under a non-root user.

GDA Startup Script-gctigda

The following is an example of a script to allow GDA to run under a non-root user.

Retrieved from "https://docs.genesys.com/Documentation:FR:Dep:MinPerms:8.5.1 (2019-08-26 00:41:50)"
This page was last modified on May 3, 2019, at 02:29.
