Ion Service Account roles
Posted by Eric Hanig on 12 April 2016 11:21 AM

The following are the uses and purposes of the users and groups we create when first installing Ion 6.0:

IonCloudEngineAdmin - The user account used for authentication when connecting to the Ion Management Service on port 5605. The account has no permissions in the system; it is used only to prevent anonymous access and phishing connections.

IonCloudEngineAdmins - Has a single member, IonCloudEngineAdmin. This group has no permissions. When a user authenticates to the Ion Management Service on port 5605, the service checks that the authenticated user is allowed to authenticate. It does this by checking membership in this group.

IonCloudEngineUser - Similar to IonCloudEngineAdmin, but for authentication to the request service. The user account used for authentication when connecting to the Ion Request Service on port 5600. The account has no permissions in the system; it is used only to prevent anonymous access and connections.

IonCloudEngineUsers - Similar to IonCloudEngineAdmins, but for authentication to the request service. Has a single member, IonCloudEngineUser. This group has no permissions. When a user authenticates to the Ion Request Service on port 5600, the service checks that the authenticated user is allowed to authenticate. It does this by checking membership in this group.

ProviderAgentAdmin - Service account. This is the only account with elevated permissions. All provisioning is executed under this user context.

ProviderAgentAdmins - Not used as such. Has a single member, ProviderAgentAdmin. All elevated permissions, such as Domain Admin, Enterprise Admin, CSAdministrator, etc., are added to this group (or the permissions can be added to the ProviderAgentAdmin user directly).
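
The layout described above can be checked periodically for drift. The following audit script is an added example, not part of the Ion product or the original article; it assumes the accounts and groups are Active Directory objects, that the RSAT ActiveDirectory module is available, and that "Domain Users" is each account's default primary group.

```powershell
# Added audit example (not Ion's own tooling). Assumes AD-hosted accounts/groups.
Import-Module ActiveDirectory

# Group -> the single member the article says it should contain.
$expected = [ordered]@{
    'IonCloudEngineAdmins' = 'IonCloudEngineAdmin'
    'IonCloudEngineUsers'  = 'IonCloudEngineUser'
    'ProviderAgentAdmins'  = 'ProviderAgentAdmin'
}
# Authentication-only pairs that should carry no permissions at all.
$authOnlyGroups = 'IonCloudEngineAdmins', 'IonCloudEngineUsers'

$findings = foreach ($group in $expected.Keys) {
    $user = $expected[$group]

    # 1. Each group must contain exactly its one expected account.
    $members = @(Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty SamAccountName)
    if ($members.Count -ne 1 -or $members[0] -ne $user) {
        [pscustomobject]@{ Object = $group
            Issue = "Members are '$($members -join ', ')', expected only '$user'" }
    }

    # Direct memberships of the account and of the group itself (nesting).
    $userGroups  = @(Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object -ExpandProperty SamAccountName)
    $groupGroups = @(Get-ADPrincipalGroupMembership -Identity $group |
        Select-Object -ExpandProperty SamAccountName)

    if ($authOnlyGroups -contains $group) {
        # 2. Auth-only accounts: nothing beyond the gate group and primary group.
        $extra = @($userGroups | Where-Object { $_ -notin @($group, 'Domain Users') })
        if ($extra.Count) {
            [pscustomobject]@{ Object = $user
                Issue = "Unexpected memberships: $($extra -join ', ')" }
        }
        # 3. The gate group must not be nested into any other group.
        if ($groupGroups.Count) {
            [pscustomobject]@{ Object = $group
                Issue = "Nested in: $($groupGroups -join ', ')" }
        }
    } else {
        # 4. Elevated service account: list what it holds so it can be reviewed.
        [pscustomobject]@{ Object = $user
            Issue = "Review elevated memberships: $(@($userGroups + $groupGroups) -join ', ')" }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Any row for the IonCloudEngine accounts or groups indicates drift from the zero-permission design; the ProviderAgentAdmin row is always printed so its elevated memberships can be compared against what provisioning actually requires.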
