As part of your implementation, use site security to configure access to the local file system, services, and message queues.
A Site is a remote Insight server that serves as a node in your Integration and provides its logical organization. The information you want to share between different nodes originates, passes through, or terminates at a Site. Individual Site nodes are listed under the Console node in the Console.
The Console can provide access to the file system, MSMQ Message Queues, and local services. By default, no access is permitted to any of these resources. Access is granted only by exposing the resources on a per-item level using the Console Security node. The Console Security node is only available on a Console that is running as a local connection on the machine that hosts the TIBCO Scribe® Insight server.
Note: Exposing only the resources needed for the integration can mitigate your security risk. This is especially important if you are using Console connections across the Web.
The user account that the Scribe services run in determines which resources are available to expose through the Security node. After a resource is exposed, the level of access granted is also dictated by that account. This allows you to create and use a restricted account that has access only to the desired resources, at the minimum access level the integration needs, further reducing security risk.
After installation, all Scribe services are set to run in the system account, which is a highly privileged account. This makes all local resources available for exposure and does not allow any network resources to be displayed. TIBCO strongly recommends that you create a user account for the services to run in that provides only the needed access. After you create this user account, all Scribe processes operate in the security context of this restricted account and only the resources available to that account are available to be exposed to the console.
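The following added example (not TIBCO's own code) audits which account each Scribe service logs on as, so you can confirm the services have been moved off the system account. It assumes the services' display names begin with "Scribe" and that it runs in Windows PowerShell 5.1 or later on the Insight server.

```powershell
# Added example: report the logon account of each Scribe service.
# Assumption: service display names begin with "Scribe"; change -NameFilter if yours differ.
param([string]$NameFilter = 'Scribe*')

# Direct members of the local Administrators group (well-known SID S-1-5-32-544).
# Membership through nested domain groups is not resolved here.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Name.ToLowerInvariant() })

$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $NameFilter })

if ($services.Count -eq 0) {
    Write-Warning "No services matched '$NameFilter'."
    return
}

$report = foreach ($svc in $services) {
    # StartName is the account the service logs on as; ".\user" means a local account.
    $account = [string]$svc.StartName
    $normalized = ($account -replace '^\.\\', "$env:COMPUTERNAME\").ToLowerInvariant()

    $finding = if ($account -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$') {
        'Runs as the system account: every local resource can be exposed'
    } elseif ($admins -contains $normalized) {
        'Runs as a local administrator: not a restricted account'
    } else {
        'Dedicated account: confirm it can reach only the resources the integration needs'
    }

    [pscustomobject]@{
        Service = $svc.Name
        State   = $svc.State
        Account = $account
        Finding = $finding
    }
}

$report | Format-Table -AutoSize -Wrap
```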
Security helps you enforce:
You must decide what resources you want to make available through the Console. Using the Console, you can control local services and provide remote access to the file system, MSMQ Message Queues, and ODBC DSNs. You can manage each of these resources on a per-item level.
From the Security Settings window, you can configure the following settings: