Primeur Online Docs
Data Mover 1.20
Setting the password policy


In Data Mover, you can define password policies for Company and Actor users stored in the internal product repository. The password policy is applied to all users defined in Data Mover.

To configure the password policy, click the User management settings button in the upper right-hand corner.

To define the password policy, follow these steps:

  1. In Setup → Users and Groups, click the User management settings link.

  2. The User management settings & preferences window will appear.

  3. In this window, you can define:

    • Re-use old password: specify the number of old passwords that must not match the new password. Possible values: from 1 to 10. The higher the number, the higher the security.

    • Password expiration: enter the number of days, months or years the password will last.

SECURITY TIP! If you do not set a Password expiration value, users can change their password as many times in a row as necessary to reuse their original password. Moreover, by specifying a low number for Re-use old password, users will be able to continually use the same small number of passwords.

    • Character set: check this box to enable the LOWERCASE, UPPERCASE, NUMBERS, and SPECIAL chips. Selecting a chip requires the password to contain at least one character of that type. This is the list of all special characters that are supported in the password: - _ - : % ' * ! £ $ @ . , \ \ / # ^ ? ( ) { } ] [ ~

    • Length: check this box to set the minimum and maximum length of the password.

  4. Click Save when done.
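
A model of how these settings combine, added here as an example and not Data Mover's own code: it checks a candidate password against the selected chips, the length bounds and the remembered old passwords, and shows the effect of a low Re-use old password value described in the SECURITY TIP. Keeping history as salted PBKDF2 digests, treating characters outside the listed sets as unsupported, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import string

# Special characters copied from the list on this page (repeats collapse in a set).
SPECIAL = set("-_:%'*!£$@.,\\/#^?(){}][~")
CLASSES = {
    "LOWERCASE": set(string.ascii_lowercase),
    "UPPERCASE": set(string.ascii_uppercase),
    "NUMBERS": set(string.digits),
    "SPECIAL": SPECIAL,
}

def _digest(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def remember(history, password, reuse_old):
    """Record a password change, keeping only the last `reuse_old` digests."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-reuse_old]

def violations(password, policy, history):
    """Return the rules of `policy` that `password` breaks (empty list = accepted)."""
    chars = set(password)
    found = [f"missing {chip}" for chip in policy["chips"] if not CLASSES[chip] & chars]
    if chars - set().union(*CLASSES.values()):
        found.append("unsupported character")
    low, high = policy["length"]
    if not low <= len(password) <= high:
        found.append(f"length must be {low}-{high}")
    if any(hmac.compare_digest(d, _digest(password, s)) for s, d in history):
        found.append("matches one of the remembered passwords")
    return found

# Constructed policy: all four chips, length 12-64, Re-use old password = 2.
POLICY = {"chips": list(CLASSES), "length": (12, 64), "reuse_old": 2}

def cycling_demo():
    """With a low reuse count, the original password is accepted after two changes."""
    history = []
    remember(history, "Orig-Passw0rd!", POLICY["reuse_old"])
    before = violations("Orig-Passw0rd!", POLICY, history)
    for later in ("Second-Passw0rd!", "Third-Passw0rd!"):
        remember(history, later, POLICY["reuse_old"])
    return before, violations("Orig-Passw0rd!", POLICY, history)
```
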

The settings will be applied when a new User is created or when the password of an existing User is changed. This means that already existing Users will be affected only after their password expires.

In the example below, a new user is created. The system has verified that the password is not compliant with the settings and the relevant details are listed below the PASSWORD field of the Account Info section.

Details on correct and incorrect settings appear as soon as the cursor is moved to a different field.

A Generate button is available to generate the password automatically. Note that if the Character set and/or Length boxes are checked in the User management settings & preferences window, the Generate button will not appear.

When editing a User and entering a new password, the policy will be applied. Of course, the previous password will be overwritten.

When the password expiration day is approaching, the user will receive a notification email with the link to the page where the new password can be set. By default, the email is sent 15 days before the password expiration day, but the number of days is configurable; see the pwdCheckJob_beforeExpiryDays parameter documented below.

The user can access the portal and change the password without waiting for the email.

The Administrator can change the options that are set by default. To do so, go to Setup → Advanced Settings and click the ADD PROPERTY button in the top-right corner. In the dialog window that appears, add the properties you want to configure, selecting:

  • MODULE: ghibli-rest

  • SECTION: a3-config

and entering the PROPERTY NAME and PROPERTY VALUE for the following parameters according to your needs:

  • pwdCheckJob_linkAddress: configure the address of the web page where the new password can be changed. The default address is: http://localhost:9081. If the application is exposed through a balancer, this address must be the balancer address.

  • pwdCheckJob_linkContext: configure the final part of the URL to access the change password service. The default is "/uportal/static/index.html". This parameter is useful if you need to hide the full path of the application for example using an external application proxy.

  • pwdCheckJob_startDate: configure when the service must start checking passwords. The default is every day at 11:00:00 am. The date must be entered in UTC with this format: "yyyy-MM-dd'T'HH:mm:ss'Z'", for example, 2021-02-13T10:55:00Z. After changing this parameter, you must restart the CEMAN.

  • pwdCheckJob_beforeExpiryDays: when the password expiration day is approaching, the user will receive a notification email with the link of the page where the new password can be set. You can set a different number of days before password expiration when the notification email must be sent. The default is 15 days.

  • pwdCheckJob_intervalMinutes: follow-up notification emails are sent regularly until users change their passwords. By default, every 24 hours (1440 minutes), the system checks if the password has been updated and – if not – an email is sent to the user. Set a value different to the default 1440 minutes if you want to increase or decrease the check and the email frequency. Set this value to 0 if you do not want to send regular reminders to the users. Remember that the value must be set in minutes. After changing this parameter, you must restart the CEMAN.

The following properties must be added when the system is configured to have a Cluster with 2 STENGs and 2 DMZ Clusters associated with each STENG. If you change these parameters, the STENG must be restarted.

  • uportal...steng.port: use this property to configure the port the STENG user portal application is running on. The default is 9080, see server.xml IBM Liberty configuration for details. The default value is steng.http.port. If missing, the steng.https.port system properties value (listed in the bootstrap.properties file) will be used. Note that since STENG runs by default in http mode, uportal will be preferentially exposed through DMZ in HTTP mode. If you need https, you must configure Liberty for https connector and set this parameter accordingly.

  • uportal...steng.address: use this property to configure the hostname the STENG user portal application is running on. The default value is the steng.host system property value (listed in the bootstrap.properties file) or localhost if steng.host=*. For the default localhost, see the server.xml IBM Liberty configuration.

  • uportal...dmz.port: use this property to configure the port on which the DMZ Gateway exposes the user portal application. The default is 9081. If set to 0 or -1, uportal will NOT be exposed through DMZ by peer with and . If you have more than one STENG, make sure that the steng.http.port and steng.https.port system properties are different or, at least, that a different value of uportal...dmz.port is defined for each STENG.

Remember that parameters must be edited only if you need to change default values. If default values suit your needs, no additional configuration is required.

Example: If you want the password change notification email to be sent 10 days before the expiration day instead of the default 15 days, go to Setup → Advanced Settings, click the ADD PROPERTY button, and enter:

  • MODULE: ghibli-rest

  • SECTION: a3-config

  • NAME: pwdCheckJob_beforeExpiryDays

  • VALUE: 10.
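
A pre-flight check for the pwdCheckJob properties described above, added here as an example and not part of Data Mover: it converts a local time to the UTC string that pwdCheckJob_startDate expects and reviews a set of values before they are typed into the ADD PROPERTY dialog. The function names and sample values are constructed for illustration, and the plain-http finding is a reviewer's check, not a product rule.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

START_FMT = "%Y-%m-%dT%H:%M:%SZ"  # Python form of yyyy-MM-dd'T'HH:mm:ss'Z'

def to_start_date(when):
    """Render a timezone-aware datetime as the UTC string startDate expects."""
    if when.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    return when.astimezone(timezone.utc).strftime(START_FMT)

def check_properties(props):
    """Return findings for a3-config values (all strings) before entering them."""
    findings = []
    addr = props.get("pwdCheckJob_linkAddress")
    if addr is not None:
        url = urlparse(addr)
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append("pwdCheckJob_linkAddress: not an http(s) URL")
        elif url.hostname == "localhost":
            findings.append("pwdCheckJob_linkAddress: localhost, not the balancer address")
        elif url.scheme == "http":
            findings.append("pwdCheckJob_linkAddress: password-change link is plain http")
    start = props.get("pwdCheckJob_startDate")
    if start is not None:
        try:
            datetime.strptime(start, START_FMT)
        except ValueError:
            findings.append("pwdCheckJob_startDate: not yyyy-MM-dd'T'HH:mm:ss'Z' in UTC")
    for name in ("pwdCheckJob_beforeExpiryDays", "pwdCheckJob_intervalMinutes"):
        value = props.get(name)
        if value is not None and not (value.isascii() and value.isdigit()):
            findings.append(f"{name}: not a non-negative whole number")
    if props.get("pwdCheckJob_intervalMinutes") == "0":
        findings.append("pwdCheckJob_intervalMinutes: 0 disables follow-up reminders")
    return findings

# Constructed sample values (mft.example.com is a placeholder host).
GOOD = {
    "pwdCheckJob_linkAddress": "https://mft.example.com",
    "pwdCheckJob_startDate": "2021-02-13T10:55:00Z",
    "pwdCheckJob_beforeExpiryDays": "10",
    "pwdCheckJob_intervalMinutes": "720",
}
BAD = {
    "pwdCheckJob_linkAddress": "http://localhost:9081",
    "pwdCheckJob_startDate": "2021-02-13 11:55:00",  # local time, wrong format
    "pwdCheckJob_beforeExpiryDays": "ten",
}
```
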

In the PASSWORD field, click the icon to display the characters you are typing.

Details about the configuration of the SMTP channel that will send the emails to the users are available in the Setup → Notification Channels section.