Creating a Repository Administrator on Windows - trillium_discovery - trillium_quality - 17.1

Trillium DQ Installation Guide
Product type
Software
Portfolio
Verify
Product family
Trillium
Product
Trillium > Trillium Quality
Trillium > Trillium Discovery
Version
17.1
Language
English
Product name
Trillium Quality and Discovery
Title
Trillium DQ Installation Guide
Topic type
How Do I
Overview
Reference
Configuration
Installation
First publish date
2008

As part of the Trillium repository server installation, you designate the user who will be responsible for managing the repository, users, and data connections and will perform other administrative duties in Trillium. You have three options for setting up this administrator:

  • If you have Windows Active Directory services enabled, you can designate a user from the Windows Administrator group as the repository administrator.

Note: We recommend that you use Windows Active Directory services. If you choose this option, it applies to all Trillium users. In other words, you cannot use a Windows Administrator group user as the repository administrator and then create Trillium-specific users for the Control Center.
Note: The TSS application administrator can also serve as the Trillium repository administrator. Alternatively, you can establish a separate user to perform the role of repository administrator.

  • During installation, you can create a Trillium-specific user as the administrator.

  • For a Trillium-specific user, you can optionally limit the administrator’s role to only managing application and repository files using the Repository Manager. This prevents the repository administrator from interacting with the operating system.

You specify the type of user (Windows Active Directory or Trillium) that will serve as the repository administrator during the installation process. If you plan to designate a Trillium-specific user as the repository administrator and you want to restrict this user’s access, you must complete the following procedure before you install.

To limit the role of the Trillium repository administrator on Windows

  1. Create the following user accounts:

    • repadmin - Trillium repository administrator account

    • tssuser - User account that is accessible by users of the repository server and that has access to the appropriate data source(s). You may create as many user accounts as you require.

  2. Apply the “Log on as Batch Job” group policy privilege to every user account that is to be used to import data using the Create Entity Wizard.

  3. When you install the Trillium repository server, choose the option to install for repadmin only.

  4. Change all Trillium services to run as a Local System account.

    1. From the Windows Control Panel, open System and Security > Administrative Tools > Services.Click Start > Control Panel > System and Security > Administrative Tools > Services.

    2. Locate the Trillium services.

    3. Right-click, and choose Properties. Click the Log on tab and select the Local System Account option.

    4. Click OK.

  5. Set the following directory permissions:

  • Import directories - Grant permission for tssuser to read the directories where the data will be stored. Ensure that Local Service does not have permission to do so.

  • Application and Repository directories- Grant full control permissions to Local Service and deny access for tssuser.