You are viewing limited content. For full access, please sign in.

Question

Question

Best to Use Repository Users for all Service Accounts?

Security Import Agent Audit Trail Forms Workflow
Updated March 31, 2021
asked on March 30, 2021

It was mentioned in Empower 2021 that it is best to setup the Workflow account that is used to connect to a repository as a repository user instead of setting them up in Directory Server. Would the same hold true for other service accounts like Import Agent, Audit Trail, and Forms?

0 0

Answer

SELECTED ANSWER
replied on March 31, 2021 Show version history

There's a marginal gain if the LFServer does not have to proxy your login to the Directory Server, and the resulting faster connection could add up to better performance in an application. But, we're talking milliseconds and Workflow pools connections, so really....marginal gain.

The other reason for using repository users is to absolutely positively ensure that this specific user will not be able to access other repositories.

The same is true for all background applications that log into the repository.

2 0

Replies

replied on March 30, 2021

In general, yes. If you want to use Windows authentication between services, it means that the service needs to run as a domain account. You would prefer to run services as one of the low-trust service accounts built in to Windows, in accordance with the Principle of Least Privilege.

0 0
replied on March 31, 2021

Brian, I apologize I wasn't very clear in my question. When I said service account, I meant the account that Workflow uses to access the repository. The same with the accounts that Import Agent, Audit Trail, and Forms would use to access the repository as well. I think the answer is the same, but just wanted to clarify.

0 0
replied on March 31, 2021

Also, at what point do you start seeing performance degradation if an account like the one used for Workflow to connect to a repository is in LFDS vs. the repository?

0 0
replied on March 31, 2021

I haven't timed it, but I'd expect you might see a (likely minuscule) difference if you have bursts of activity that would require Workflow to make lots of new connections in a very short period of time.

2 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...