running job servers under different linux user accounts
Hi One of our staff feels it is necessary to run job servers with different user credentials as someone might run Windows job using different Windows user accounts to stop the user from being able to access different files for example in a directory tree. This same person also felt it was right to use a different account in the database to access different tables and data. I have not seen anyone publish security models and other concerns around Talend job servers. Does anyone have knowledge as my Googling has come up short so far? Does anyone have an opinion as to running the multiple job servers under different user accounts to separate access to files in a directory tree? Is this a risk I cannot see any risk as such? As I see it is a service/daemon in effect running the jobs and as such it doesnt really matter which user runs the jobs but running different job servers with different user credentials seems to add complexity and increase resource needs to accommodate this? As this is considered an architectural thing Talend support doesn't provide any advice on this. Any thoughts appreciated Peter
Re: running job servers under different linux user accounts
It is not possible with the architecture of the job server to run the jobs under different user accounts. The only security method for job servers is to use user and password to get access to the job server it self. For me securing the access to resources should be part of the design of the job. If the job tries to access a restricted resource you have to deal with the exceptions as well so why not build the job it self to restrict the access. Job running in a job server should for sure not use personal accounts instead they should use technical accounts which survives also password changing rules and if the user does not work in the company anymore.