Managing user accounts on Linux and Solaris

In Manager, you can manage user accounts and assign them to either the agsadmin or agsusers user groups for access to the GIS Server. You can view, add, remove, and edit user accounts. Users belonging to the agsusers group will only be able to view the user list, while those accounts that belong to agsadmin will be able to add, remove, and edit accounts.

Accessing the ArcGIS Server System

ArcGIS Server handles requests and responses in a secure environment as described in the diagram below:

An embedded Sun Directory Server manages user access to the system based on a user's role. There are 2 levels of user access: user and administrative. The user and administrative accounts are created when ArcGIS Server for the Java Platform gets installed. At runtime, when a user request comes into the system, the Sun Directory Server that is embedded in the SOM will authenticate the user and determine what user group the user belongs to, agsusers or agsadmin, and maps the user to the appropriate OS-level account. The request is either accepted or denied based on the user's membership in either of these accounts.

About OS-level user accounts and ArcGIS Server

The following diagram describes the different user levels:

Installing ArcGIS Server on Linux or Solaris requires super user privileges. This is only required at the time of installation. There will be three OS level accounts needed for ArcGIS Server to run properly.

The install user - this user account will also be running ArcSOM and ArcSOC processes.

agsadmin – This user account will run the OS processes for agsadmin group users. This user will be created at the time of install. The default password is “agsadmin”. You need to be superuser to change the password using the “passwd [username]” command.

agsuser – This user account will run the OS processes for agsuser group users. This user will be created at the time of install. The default password is “agsuser”. You need to be superuser to change the password using the “passwd [username]” command.

NOTE: For distributed setup, SOM and SOC machines are on different machines, password for agsadmin on all machines must match. The password for agsuser on all machines must also match.

About user accounts for ArcGIS Server Linux and Solaris

ArcGIS Server users are managed and maintained by the ArcSOM. These are not OS-level accounts. You can manage these users through ArcGIS Server Manager or the command line interface. There are three types of ArcGIS Server users:

• admin user (“super user”): this user is created during the installation process. It has an administrator role. As an agsadmin group member, it can perform user management tasks: manage all users including admin, agsadmin, agsuser and the install user. The default password for admin is 'admin'. When you log into Manager for the first time, log in as admin.
• Special users:
  agsadmin : this user is created at the time of install at OS level as mentioned above. It is also created at the ArcGIS Server level. This user is not removable from ArcGIS Server. The default password is “agsadmin” – the same as the OS level. When you change the password for agsadmin, you must change at the OS level and the ArcGIS Server level.
  agsuser : this user is created at the time of install at OS level as mentioned above. It is also created at the ArcGIS Server level. This user is not removable from ArcGIS Server. The default password is “agsuser” – the same as OS level. When you change the password for agsuser, you must change it at the OS level and the ArcGIS Server level.
  Install user (SOM and SOC user): this user will not be created at ArcGIS Server level at the time of install. For a distributed setup, you must add this user at the ArcGIS Server level. The ArcGIS Server level password for this user must match on all machines. When you change the password for this user, you must change it at the OS level and the ArcGIS Server level.
• Other users: these are the users added by the admin user in Manager after ArcGIS Server has been installed and is running. These users have two roles: agsadmin and agsusers. The users belonging to the agsadmin group can login to Manager and create services. The users that are part of agsusers group can only connect to the ArcGIS Server and make use of services. agsuser group users cannot login to Manager itself. Only agsadmin group users can edit or modify user accounts. It is recommended that you only create necessary agsadmin group users, for example the Install user.

NOTE: It is strongly recommended that you change the password for admin, agsadmin, and agsuser accounts immediately after initial setup of ArcGIS Server.

Adding user accounts

Log into Manager as user "admin"

Navigate to the Users page in Manager by clicking the GIS Server tab and clicking on Users in the left-handle panel.

To add a new user account, click on Add Users. Here, you can also define the group that the account will belong to.

To remove a user, in the User list page, click on the checkbox next to the user or users you wish to remove and click "Delete".

To Edit a user account, click on the Edit button for the account you wish to edit and change the password, name, and/or user group.

Note: if you edit the password/group for the user that you are logged into Manager as, you must log out of Manager and log back in again.