The System package included in every MTS installation is unique because it
contains components used internally by MTS. The security settings associated with the System
package determine who may administer the MTS installation and who may look up information
about the components available on the server.
Because MTS security is tightly integrated with Windows NT security, any security
settings associated with the System package will apply to users running the MTS Explorer
utility. Also, MTS Explorer security settings are enforced on both the local MTS machine and
remote machines. In regard to the System package, two security roles or levels are available.
The first is the role of Administrator who has access to any feature provided by the MTS Explorer.
This includes items such as creating, modifying, and deleting MTS packages. The Reader, the second
security role defined for the System package, gives the user the ability to browse the hierarchy
of objects presented in the MTS Explorer. However, the Reader cannot modify, install or delete
packages, or change any properties of components in general.
To take advantage of these two security roles, they must be mapped to an existing
NT User or Group. The functionality of the roles are thus provided for only the group assigned
to it.
Mapping a user to the Administrator role takes place in the following steps:
STEP BY STEP
15.2 Mapping a User to the Administrator Role of the System Package
-
From the Start Menu, go to Programs\Windows NT 4.0 Option Pack\Transaction Server and
select Transaction Server Explorer.
-
From the Microsoft Transaction Server folder in the left pane of the Explorer,
expand the Computers folder by double-clicking it.
-
Double-click the My Computer icon.
-
Double-click the Packages Installed folder to see the list of MTS packages currently
installed on the server. It includes the System package (see Figure 15.5).
FIGURE 15.5 The System Package is a part of every MTS installation
-
Select the System package. Notice that there are two folders in the right pane: Components
and Roles.
-
Open the Roles folder by double-clicking on it. You will now see both Administrator
and Reader roles.
-
Double-click the Administrator role.
-
Open the Users folder.
-
On the Action menu, click New. You can also select the Users folder and click the
Create new object button or right-click the Users folder and select New and then
Users.
-
In the dialog box that appears (see Figure 15.6), add the Everyone group to the role.
You can use the Show Users and Search buttons to locate a user account. If you wish, you
may add your own user account instead of the Everyone group.
FIGURE 15.6 Users and Groups from the Windows NT Domain can be mapped to the Administrator
role for the System package
-
Click OK.
NOTE - Default Administration Access : It is
very important to note that by default no user is mapped to either role. The implications
of this may not be readily apparent but are nevertheless crucial. If a role has
no user associated with it, then anyone has access to all MTS Explorer functions
associated with that role. In other words, any user on the network can do all
the administrative tasks available from MTS Explorer in a default installation
of MTS due to the fact that the Administrator of the System package has no user
mapped to it.
