Platform SDK: Transaction Server |
[This product will work only on Windows NT 4.0 versions and earlier. For Windows 2000 and later, see COM+ (Component Services).]
You can configure a package (which is a single server process) to run as one of the following package identities:
By default, MTS packages run as Interactive User.
In many deployment scenarios, it is preferable to run a package as an Windows NT user account. If a package runs as a single Windows NT user account, you can configure database access for that account rather than for every client that uses the package. Permitting access to accounts rather than individual clients improves the scalability of your application.
For example, consider an Accounting package that updates a SQL Server database with billing and sales information. You can configure the database Accounting table to allow read access for a Windows NT user. .
Note that when you set the package identity, MTS validates the password that you enter. However, if you change the password for the account without updating the password in the MTS Explorer, the package cannot run.
To set package identity to a specified user account:
Note that if you want to use package identity to restrict access to a database, you must set database access privileges for the user account.
Important When you create secure IIS applications that use process isolation, IIS creates an MTS package that is set to run as IWAM_<computer name>. If you wish to change the identity of these packages, you should also add the new package identity to the "MTS Impersonators" group or security will not work properly in other out-of-process MTS components called by your package. If this is not done, the caller will appear to be IWAM_<computer name> rather than the actual client of IIS.
See Also
Mapping MTS Roles to Users and Groups, Enabling MTS Package Security, Adding a New MTS Role, Identity Tab (Package)