This section describes the minimum permissions required to install and run Management Framework components. For information about minimum permissions required for other Genesys components, refer to product- or component-specific documentation.
The following table provides the minimum permissions required to install and run Framework components.
|Component||Minimum Permissions (UNIX)||Minimum Permissions (Windows)|
|Configuration Server||Users group||Administrators group a|
|Solution Control Server||Users group||Administrators group|
|Message Server||Users group||Administrators group|
|SNMP Master Agent||Users group||Administrators group|
|Local Control Agent b||root||Administrators group|
- The user account for the running process is usually determined by the user or object that started the process. For example, if a process is started by LCA, then the process inherits its permissions from LCA.
- root or Administrators permission is required to install the component because, during installation, it updates the startup file and registry.
After a component is installed, you can update the component to start under a different user account with lower privileges. However, before doing so, make sure that you updated the working directories with the correct read and write permissions.
To run LCA and Genesys Deployment Agent (GDA) as a non-root user, do one of the following, depending on your operating system:
Create startup scripts for LCA and GDA that set up LCA and GDA to run under the non-root user. For these scripts, it is assumed that LCA is installed in /home/genesys/GCTI, and the name of the non-root user is genesys. See LCA Startup Script-gctilca and GDA Startup Script-gctigda for examples of these scripts. To install the startup scripts, put them in the directory /etc/rc.d/init.d/ and run one or both of the following commands, as required:
chkconfig -add gctilca chkconfig -add gctigda
Change the account associated with the LCA service. One way to do this is through Windows Administrative Services, as follows:
- Go to Start > Settings > Control Panel > Administrative Services > Services, right-click LCA, and select Properties.
- Open the Log On tab and in the Log on as section, select This account, and change the account associated with the LCA service.
Database User Privileges
A database user that accesses the Configuration Database on behalf of Configuration Server, that is, the user identified in the Configuration Server configuration file, requires basic database privileges, as defined in this section.
When the database is created, it is assumed that it is created under the new user and the initialization scripts are under that user account, unless otherwise stated.
After the new database user is created, grant the necessary privileges as follows:
GRANT CONNECT TO <DB user> GRANT CREATE TABLE TO <DB user> GRANT UNLIMITED TABLESPACE TO <DB user> GRANT CREATE PROCEDURE TO <DB user>
For MS SQL 2000, grant the public role to the new database user on the Database Access tab of the SQL Server Login Properties dialog box for the new user. In addition, grant the following privileges:
GRANT CREATE TABLE TO <DB user> GRANT CREATE PROCEDURE TO <DB user>
For MS SQL 2005 and later, grant the public and db_owner roles to the new database user.
Grant the necessary privileges as follows:
CONNECT TO <database>; GRANT CREATE TAB,CONNECT ON DATABASE TO USER <DB user>; CONNECT RESET;
From pgAdmin, grant the following privileges:
- Can create database object
- Can create roles
To configure client authentication, update the pg_hba.conf file, located in the data directory under the PostgreSQL installation folder. For example:
host GCTI_Test gctitest <IP address1>/32 trust host GCTI_Test gctitest <IP address2>/32 trust
This enables the DB user gctitest to connect to the GCTI_Test database from the hosts IPaddress1 and IPaddress2.
LCA Startup Script-gctilca
The following is an example of a script to allow LCA to run under a non-root user.[+] Show script
GDA Startup Script-gctigda
The following is an example of a script to allow GDA to run under a non-root user.[+] Show script