Transaction Integrator Security

Security affects TI in two ways. First, TI components can be assigned security attributes in the same way as other COM+ components. This requires no TI development. Second, the TI run-time environment needs to deal with the security mechanisms of the remote environment (RE). TI provides two security options with an optional override for each:

  • Package-level (also known as application-level)
  • User-level
  • Optional explicit-level override

When configured for user-level credentials, TI makes use of the APPC Privileged Proxy feature for single sign on. This requires that the user context that the APPC application (TI, in this case) is running under be a member of the HSDomain_Proxy group. (The HSDomain_Proxy group is one of the two groups created when the host security domain is created.) By default, the HSDomain_Proxy group contains the Domain Admins group. If TI is not running under the context of a user in the Domain Admins group, you will need to add the user to the HSDomain_Proxy group.

When deploying a TI component, the administrator must choose either package-level security or user-level security as the default. The optional explicit-level security override is a separate option that the administrator can enable or disable; the override applies regardless of which security option (package-level or user-level) is in place. If the explicit-level override is disabled, base applications will not be permitted to use the callback to provide user credentials. The administrator can also turn on the optional Already Verified settings.

This section contains:

To download updated Host Integration Server 2004 Help from www.microsoft.com, go to http://go.microsoft.com/fwlink/?linkid=29507.

Copyright © 2004 Microsoft Corporation.
All rights reserved.
Show: