Previous Topic: Changing CA ControlMinder Service Account SettingsNext Topic: Service Account Passwords


How CA ControlMinder Service Accounts Interact with CA ControlMinder Components

The following diagram shows how the service accounts interact with various CA ControlMinder components.

This diagram shows how the service accounts interact with CA Access Control components.

The numbers in the diagram correspond to the following service accounts:

  1. RDBMS_service_user

    This account authenticates communication between the Enterprise Management Server and the RDMBS.

    Note: This account is not named RDBMS_service_user. You specify the name of this account when you create a user to prepare the database for CA ControlMinder Enterprise Management.

  2. guest

    This account is the JNDI connection account that locates the message queue in the Message Queue server.

    Note: You can change the JNDI connection account after installation.

  3. reportserver

    This account lets the DMS and CA ControlMinder Enterprise Management log in to the Message Queue.

  4. +reportagent

    This account lets an endpoint log in to the Message Queue.

  5. +policyfetcher

    This account executes the policyfetcher daemon or service on the endpoint.

  6. +devcalc

    This account executes the policy deviation calculation on the endpoint.

  7. ac_entm_pers

    This account authenticates communication between the Enterprise Management Server and the DMS.

  8. ADS_LDAP_bind_user

    This account lets CA ControlMinder Enterprise Management perform LDAP queries against Active Directory.

    Note: This account is not named ADS_LDAP_bind_user. The name of this account is the User DN that you specify in the Active Directory Settings wizard page when you install CA ControlMinder Enterprise Management.