Default Enterprise Server Security Configuration

Beginning with release 10.0, a basic security configuration is included with Enterprise Developer and Enterprise Server and enabled as part of product installation. This configuration requires users authenticate to Enterprise Server, including Enterprise Server Common Web Administration (ESCWA), and be authorized to perform various actions.

The default security configuration is comprised of the following elements:

• The VSAM ESM Module, which implements an External Security Manager (ESM) using a set of COBOL indexed files. The VSAM ESM Module was introduced in release 9.0 as an Early Adopter Program (EAP) feature. It is now a regular feature of the Visual COBOL, Enterprise Developer, and Enterprise Server products.
• A set of security definitions (users, groups, and resource access rules) for the VSAM ESM Module, based on the sample security configuration for LDAP which is also supplied with Enterprise Server. These definitions are supplied with the product as a YAML file, and during installation are used to create a set of security-data files for the VSAM ESM Module in a standard location.
• An External Security Facility (ESF) Security Manager definition in ESCWA which uses the VSAM ESM Module and the supplied default security data. On installation, ESCWA is configured to use this Security Manager.
• A similar ESF Security Manager definition in MFDS. The MFDS Default ES Security is set to use this definition, and MFDS itself is set to use Default ES Security as its security configuration.
• Credentials for the administration user account SYSAD and a limited-access account readonly in the default Micro Focus Secrets Vault. Passwords for these two accounts are created at installation, so they are different for each product installation. See Getting Started with Default Enterprise Server Security for instructions on retrieving these credentials.
• Utilities for disabling and recreating the default security configuration.

For product reinstallations or upgrades, if security data already exists, default security will not be enabled. Your existing security definitions will be preserved.