Understanding the Web Server and IBM i User Profiles

Under full authentication, the Web Server will not permit you to access an application unless you provide a valid profile. If a valid profile is provided, then LANSA Web is invoked. The Web Server user profile is specific to the Web Server. It is not an IBM i user profile. The Web profiles are created as part of a Web Server validation list. Users are not entering IBM i user profiles over the Internet.

For process level authentication, LANSA Web checks if the Web Server user profile is a registered LANSA Web user. If the user is known to LANSA Web, an associated IBM i user profile is used to execute LANSA at the IBM i. LANSA Web will map the Web Server (external Internet profile) onto to a real IBM i (internal) user profile. This IBM i user profile will be used to determine the access rights to IBM i objects.

If the Web Server user profile is not registered with LANSA Web, the user will still be allowed to use LANSA Web, provided that there is an anonymous user registered. This means that LANSA Web will use the default user profile on the IBM i to determine the user's access rights to the IBM i objects. The default user profile should always have minimum authority to the IBM i and LANSA.

Note that once the user has been authenticated by the Web Server, the profile will persist throughout the life of the browser. This means that subsequent requests to LANSA Web will use the same user profile, irrespective of whether or not the LANSA process requires user authentication.

Note: You should NOT use the same user profiles and passwords throughout your system. If an individual learns your Internet User Id and Password, they would be able to access that particular Internet application. They would be able to use Telnet and log on to your IBM i!