As part of the Trillium repository server installation, you designate the user who will be responsible for managing the repository, users, and data connections and will perform other administrative duties in Trillium. You have three options for setting up this administrator:
If you have Windows Active Directory services enabled, you can designate a user from the Windows Administrator group as the repository administrator.
During installation, you can create a Trillium-specific user as the administrator.
For a Trillium-specific user, you can optionally limit the administrator’s role to only managing application and repository files using the Repository Manager. This prevents the repository administrator from interacting with the operating system.
You specify the type of user (Windows Active Directory or Trillium) that will serve as the repository administrator during the installation process. If you plan to designate a Trillium-specific user as the repository administrator and you want to restrict this user’s access, you must complete the following procedure before you install.
To limit the role of the Trillium repository administrator on Windows
Create the following user accounts:
repadmin - Trillium repository administrator account
tssuser - User account that is accessible by users of the repository server and that has access to the appropriate data source(s). You may create as many user accounts as you require.
Apply the “Log on as Batch Job” group policy privilege to every user account that is to be used to import data using the Create Entity Wizard.
When you install the Trillium repository server, choose the option to install for repadmin only.
Change all Trillium services to run as a Local System account.
From the Windows Control Panel (Start > Control Panel), open System and Security > Administrative Tools > Services.
Locate the Trillium services.
Right-click each service and choose Properties. Click the Log On tab and select the Local System account option.
Click OK.
Set the following directory permissions:
Import directories - Grant permission for tssuser to read the directories where the data will be stored. Ensure that Local Service does not have permission to do so.
Application and Repository directories - Grant full control permissions to Local Service and deny access for tssuser.
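One way to check the result of the procedure above, added here as an example (not Trillium or vendor code): a PowerShell audit of the service logon account, the batch logon right, and the directory ACLs. The directory paths, the 'Trillium%' service display-name filter, and tssuser being a local account are assumptions to adjust for your installation.

```powershell
# Added audit example, not vendor code. Run elevated on the repository server.
# Assumptions/placeholders: directory paths, the 'Trillium%' display-name filter,
# and tssuser being a local account on this machine.
$ImportDirs  = @('D:\PLACEHOLDER\import')
$AppRepoDirs = @('D:\PLACEHOLDER\application', 'D:\PLACEHOLDER\repository')
$DataUser    = "$env:COMPUTERNAME\tssuser"
$LocalSvc    = 'NT AUTHORITY\LOCAL SERVICE'
$Fsr         = [System.Security.AccessControl.FileSystemRights]
$findings    = [System.Collections.Generic.List[string]]::new()

# True if an ACE naming $Identity directly, of $Type, includes every bit of $Right.
# Access inherited through group membership is not evaluated here.
function Test-Ace([string]$Path, [string]$Identity, [string]$Type, [int]$Right) {
    [bool]((Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -ieq $Identity -and
        "$($_.AccessControlType)" -eq $Type -and
        ([int]$_.FileSystemRights -band $Right) -eq $Right })
}

# 1. Every Trillium service should log on as Local System.
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Trillium%'" |
    Where-Object { $_.StartName -ne 'LocalSystem' } |
    ForEach-Object { $findings.Add("Service $($_.Name) runs as $($_.StartName)") }

# 2. The data user needs the batch logon right (SeBatchLogonRight). secedit lists
#    holders by SID or by bare account name, so accept either form.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$sid  = [System.Security.Principal.NTAccount]::new($DataUser).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
$line = (Select-String -LiteralPath $cfg -Pattern '^SeBatchLogonRight' |
            Select-Object -First 1).Line
$held = @($sid, ($DataUser -split '\\')[-1]) |
    Where-Object { $line -match ('(=|,)\s*\*?' + [regex]::Escape($_) + '\s*(,|$)') }
if (-not $held) { $findings.Add("$DataUser is not directly assigned SeBatchLogonRight") }
Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue

# 3. Import directories: data user can read; Local Service has no read ACE.
foreach ($d in $ImportDirs) {
    if (-not (Test-Ace $d $DataUser Allow ($Fsr::Read))) { $findings.Add("${d}: $DataUser lacks read") }
    if (Test-Ace $d $LocalSvc Allow ($Fsr::ReadData))    { $findings.Add("${d}: Local Service can read") }
}
# 4. Application/repository directories: Local Service full control; no allow ACE for data user.
foreach ($d in $AppRepoDirs) {
    if (-not (Test-Ace $d $LocalSvc Allow ($Fsr::FullControl))) { $findings.Add("${d}: Local Service lacks full control") }
    if (Test-Ace $d $DataUser Allow ($Fsr::ReadData))           { $findings.Add("${d}: $DataUser has an allow ACE") }
}
if ($findings.Count) { $findings } else { 'No deviations from the documented settings found.' }
```

If you created several data user accounts, run the checks once per account.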