Rules for using a Federated User Registry with HCL Workload Automation

This section describes the simple rules you must follow when configuring HCL Workload Automation to use a Federated User Registry:

No duplicate User IDs

You can define any number of user registries in a Federated User Registry. However, no user ID must be present in more than one registry (this prohibits using both Local OS and PAM as a joint authentication mechanism) and no user ID must be present twice in the same registry. Thus, if you configure multiple user registries it is because you have users in different non-inclusive groups that use different user registries and which need to access HCL Workload Automation.

Reserved registry IDs

The WebSphere Application Server tools use some specific IDs to recognize the registries and these are thus reserved keywords that you cannot use to create your own registries, whichever method you use to configure them:

twaLocalOS

Identifies the custom user registry bridge adapter configured for local operating system users

twaPAM

Identifies the custom user registry bridge adapter configured to use the Pluggable Authentication Module (PAM) with HCL Workload Automation – it is not available on Windows operating systems

twaLDAP

Identifies the user registry bridge configured for LDAP users

defaultWIMFileBasedRealm

Identifies the default WebSphere Application Server File Registry