The Three-User Model for Token Vault Users
This three-user model is suitable for many organizations. It defines three user roles, as follows:
The OWNER: owns token vaults and metadata tables.
The ADMIN: can create and delete token vaults.
The RUNTIME user: can run CT-V, but cannot create or delete token vaults or perform the re-key operation.
Example
For the purposes of the following example, the RUNTIME user will be called TMRUNNER, the OWNER user will be called TMOWNER, and the ADMIN user will be called TMADMIN.
To set up a run-time user follow these steps:
Create a new user in the database, such as TMRUNNER. If you have already defined an existing user that you would like to use as the run-time user, substitute that user for TMRUNNER and skip this step.
Use the run-time user configuration tool, RtConfig, as follows:
$ java com.safenet.token.RtConfig TMADMIN TMADMIN_PASSWORD TMOWNER TMRUNNER TOKENVAULTNAME
Note
When running this tool, TMOWNER user and TMRUNNER user must not be the same user.
Note
The RtConfig tool is supported for Oracle database only.
The RtConfig tool performs the necessary steps to enable run-time user access for the specified token vault.
At completion, the tool will display the following message:
Run-time user TMRUNNER configured to access token vault TOKENVAULTNAME.
After performing this procedure you can:
Run CT-V as TMRUNNER
Run CT-V as TMOWNER
By running CT-V as TMRUNNER, you avoid having to disclose the OWNER user password to CT-V clients. This prevents the inadvertent use of destructive operations such as dropping or removing a token vault.
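To confirm that the separation between TMOWNER and TMRUNNER actually holds in the database after RtConfig has run, the following Oracle data-dictionary queries list what TMRUNNER can do. This is an added verification example, not part of the CT-V documentation or of the RtConfig tool; it assumes the user names from the example above, that the token vault and metadata tables live in the TMOWNER schema, and that you run it from a DBA account.

```sql
-- Added privilege audit for the run-time user (assumed names: TMOWNER, TMRUNNER).
-- Not part of CT-V or RtConfig; run from a DBA account after RtConfig completes.

-- 1. Object privileges TMRUNNER holds on TMOWNER's schema.
--    Expected: only the grants CT-V needs at run time, never ALTER or INDEX.
SELECT table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'TMRUNNER'
   AND owner   = 'TMOWNER'
 ORDER BY table_name, privilege;

-- 2. System privileges and roles granted directly to TMRUNNER.
--    Expected: no DDL privileges and no administrative roles.
SELECT 'SYS_PRIV' AS kind, privilege AS name
  FROM dba_sys_privs
 WHERE grantee = 'TMRUNNER'
UNION ALL
SELECT 'ROLE' AS kind, granted_role AS name
  FROM dba_role_privs
 WHERE grantee = 'TMRUNNER';

-- 3. Objects owned by TMRUNNER.
--    Expected: none; token vaults and metadata tables belong to TMOWNER.
SELECT object_type, object_name
  FROM dba_objects
 WHERE owner = 'TMRUNNER';

-- 4. Findings: any grant that would let TMRUNNER drop, alter or re-create a vault,
--    or hand its privileges to others. Expected result: no rows.
SELECT grantee, privilege AS finding
  FROM dba_sys_privs
 WHERE grantee = 'TMRUNNER'
   AND privilege IN ('CREATE ANY TABLE', 'ALTER ANY TABLE', 'DROP ANY TABLE',
                     'DROP USER', 'GRANT ANY PRIVILEGE',
                     'GRANT ANY OBJECT PRIVILEGE')
UNION ALL
SELECT grantee, table_name || ':' || privilege AS finding
  FROM dba_tab_privs
 WHERE grantee = 'TMRUNNER'
   AND owner   = 'TMOWNER'
   AND (privilege IN ('ALTER', 'INDEX', 'REFERENCES') OR grantable = 'YES');
```

If query 4 returns any rows, or query 3 shows objects in the TMRUNNER schema, the run-time user holds more than the RUNTIME role described above and can perform the destructive operations this model is meant to prevent.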