Software AG Products 10.7 | Administering Integration Server | Removing User Data from Integration Server | Removing References to a User Account
 
Removing References to a User Account
Prior to deleting a user account you need to update all of the locations in Integration Server that reference the user account, including execution users, certificate mappings, and outbound connection configurations. If you delete the user account before updating functionality that depends on the user account to execute successfully, Integration Server may experience failures.
Software AG recommends that you complete user-related updates in this order:
1. Change client certificate mappings. An imported client certificate or CA (Certificate Authority) signing certificate is mapped to a user account. Before you delete a user account that is mapped to a client certificate, do one of the following:
*Change the certificate mapping. For more information see, Changing a Certificate Mapping.
*Remove the certificate mappings stored in the database table IS_CERTIFICATE_MAP of ISInternal JDBC Pool. Because a user can be mapped to more than one certificate, you might need to delete multiple mappings. You can use the following database DELETE statement to quickly remove any user certificate mappings:
DELETE FROM IS_CERTIFICATE_MAP WHRE CERT_USER = “username
Where username is the user account that you intend to delete.
2. Change the user account assigned to execute tasks, services, and triggers. You might need to update one or more of the following:
Update this asset
Specifically
Using
Scheduled tasks
Run As User value on the Server > Scheduler > User Tasks > Modify Tasks page
Integration Server Administrator.
JMS triggers
Execution user property for the trigger
Designer
webMethods messaging triggers that receive messages from Universal Messaging
Execution user property for the trigger
Designer
webMethods messaging triggers that receive messages from Broker or messages published locally
Run Trigger Service As User field available on the Settings > Resources > Store Settings page
Integration Server Administrator
Enterprise Gateway rule that uses a service as a custom filter.
Run As User field for the custom filter on the Security > Enterprise Gateway Rules > Rules > rulename > Edit page
Integration Server Administrator on the Integration Server acting as the Enterprise Gateway Server
Enterprise Gateway alerts that invoke a flow service to alert you of a rules violation.
Run As User field for the default alert options on the Security > Enterprise Gateway Rules > Edit Default Alert Options page
Integration Server Administrator on the Integration Server acting as the Enterprise Gateway Server
Email ports
Run services as user field on the Security > Ports > Edit Email Client Configuration page
Integration Server Administrator
File polling ports
Run services as user field on the Security > Ports > Edit File Polling Configuration page
Integration Server Administrator
Package subscriptions on the current server
Remote User Name field on the Packages > Publishing > Edit Subscriber page
Integration Server Administrator
Package subscriptions on a remote server
Local User Name field on the Packages > Subscribing > Edit Subscription page
Integration Server Administrator
WmCloud account settings
Run As User field on the webMethods Cloud > Accounts > Edit Account page
Integration Server Administrator
Note:
The above list does not include execution users assigned for adapters.
3. Change server configuration parameters that specify a user as the value, including:
*watt.server.cache.prefetchUser
*watt.server.event.routing.runAsUser
*watt.server.eventHandlerUser
Use the Extended Settings page in Integration Server Administrator to edit the server configuration parameters
Note:
The above list of server configuration parameters is not exhaustive and may not include parameters added via fixes or by a layered product such as an adapter.
4. Change outbound connection configurations. Any location in Integration Server, including any services, in which a user name is specified to establish an outbound connection. This may include the following:
*Remote server alias, which is editable via Integration Server Administrator.
*Web service endpoint alias, which is editable via the Settings > Web Services > endpointAliasName > Edit page in Integration Server Administrator.
*Messaging connection aliases, including:
*JMS connection alias, which is editable via the Settings > Messaging > JMS Settings > JMS Connection Alias > Edit JMS Connection Alias page of Integration Server Administrator.
*webMethods messaging connection alias, which is editable via the Settings > Messaging > webMethods Messaging Settings > Universal Messaging Connection Alias > Edit Universal Messaging Connection Alias page of Integration Server Administrator
*Outbound HTTP calls such as those using pub.client:http, pub.client:soapClient, or web service connectors
5. Change configuration variables templates. A configuration variables template used with a Microservices Runtime image running in a Docker container or an on-premises Microservices Runtime might specify a user name for one of the key-value pairs. Using a text editor, edit the template to change the value of property key that specifies the user name you want to remove from Microservices Runtime. Property keys for a user name typically include the word “user” or “principal”.
Note:
If a Docker image for an Microservices Runtime includes application.properties template, then each Docker container created from the image contains the template too. The template is removed when the Docker container gets destroyed. If the containers do not get recycled periodically, you can attach to the container file system and scrub the user names from the application.properties template.
Note:
The configuration variables template feature is included in Microservices Runtime by default. An Integration Server equipped with an Microservices Runtime license can use the configuration variables feature as well.
6. Delete the user from Integration Server.
7. Repeat steps 2–7 for each Integration Server on which the user name exists. For example, if you use a cluster of Integration Servers, you need to repeat the steps for all servers in the cluster.
Note:
Client certificate mappings are stored in a database which is shared by a cluster. You do not need to repeat step 1 for every Integration Server in the cluster.
8. Recreate any Docker images for the affected Integration Server instances.