Siebel Security Hardening Guide > Securing the Operating System >

Assigning Rights to the Siebel Service Owner Account

Siebel Business Applications are installed using the Siebel service owner account. This account must belong to the Windows domain of the Siebel Enterprise Server (Windows environments) or to the users group of the Siebel Enterprise Server (UNIX environments) and must have full write permissions to the Siebel File System.

Implement the following recommendations for the Siebel service owner account:

• Make sure a strong password has been set for the Siebel service owner account.

  For information on changing the password for the Siebel service owner account, see Siebel Security Guide.

• Set the user account policy to lock the account after three unsuccessful login attempts.
• Assign appropriate rights for the account as described in the following procedures.

For information on creating the Siebel service owner accounts, see Siebel Installation Guide for the operating system you are using.

Assigning Rights to the Siebel Service Owner Account on Windows

The following procedure describes how to assign rights for the Siebel service owner account on Windows.

To assign appropriate rights to the Siebel service owner account on Windows

1. From the Start menu, select Settings, Control Panel, Administrative Tools, and then choose Local Security Policy.
2. Select Local Policies.
3. Click User Rights Assignments.
4. Assign the following rights to the Siebel service owner account:
   • Act as part of the operating system
   • Lock pages in memory
   • Bypass traverse checking
   • Log on as a service
   • Replace a process level token
   • Deny logon locally

     Do not assign Siebel service owner accounts any rights other than those listed. Siebel Service accounts must belong only to the Local Users Group. Use the local security policy editor to assign user rights for Siebel service owner accounts.

Assigning Rights to the Siebel Service Owner Account on UNIX

The following procedure describes how to assign rights for the Siebel service owner account in a UNIX environment.

To assign appropriate rights for the Siebel service owner account on UNIX

1. Log in as root on the Siebel application server.
2. Using the appropriate administrative tools for your UNIX operating system, for example, the System Management Interface Tool (AIX) or the Admintool (Oracle Solaris), select the user who runs the Siebel service.
3. Check that the Siebel service does not run as the root user.

NOTE:  You must set the execute bit for the /siebsrvr/webmaster directory for the Siebel service to function. The Siebel service account requires permission to execute the netstat command to perform the installation successfully. Otherwise, the installation fails.