186 IBM Enterprise Workload Manager
6.2.4 EWLM processes
The EWLM server processes read and write persistent information maintained in the internal
database and the diagnostic folders and files.
The folders and files are created at configuration time in the working directories associated
with specific domain manager and managed server instances. In general, public access to
these directories should be avoided. Where necessary, ownership is assigned or appropriate
access is granted to the user IDs and accounts these processes are configured to run under
by default on the various system types.
You might choose to enable other specific user IDs and accounts to read the diagnostic
information, or possibly, to run the processes by granting appropriate access to these
directories and files.
The EWLM managed server process also requires access to use specific application
interfaces. This access depends on the capabilities of the user ID or account it is running
under, which in turn depends on the operating system:
On AIX: The managed server must either run as root or as a non-root user that has the
On i5/OS: The STRWLM CL command runs the managed server under the QWLM profile,
with the necessary access rights.
On Solaris: The managed server must be run by either root or a user that has an effective
UID (EUID) of 0.
On Windows: The managed server must run either as an application (started with the
StartMS.bat command under an account in the Administrators group), or as a service
(started with the StartMSService.bat command, which also must be run under an account
in the Administrator’s group).
6.2.5 Instrumented applications
In order to be able to participate in an end-to-end transaction monitoring schema, all the
middleware applications need to be able to use ARM application interfaces. Their ability to
successfully use the ARM APIs is usually determined by the capabilities of the user ID or
account running them. This depends on the operating system hosting the infrastructure:
On AIX: The application must either run as root or as a user that has the
On i5/OS: The application must run under a user ID that has been granted authority to use
the QSYS2/LIBARM4 service program, or the application must be owned by a user ID that
has this authority and it must adopt the owner’s authority.
On Solaris: The application must be run by either root or a user listed in the
application_auth list in the file /etc/EWLM/auth.
On Windows: The application must run in Local System Account or in an account that
belongs to the Administrators group or the EWLMArm4Users group.