How CA ControlMinder Service Accounts Interact with CA Privileged Identity Manager Components

The following diagram shows how the service accounts interact with various  components:
cminder12902
The following diagram shows how the service accounts interact with various
Privileged Identity Manager
 components:
How CA ControlMinder Service Accounts Interact with PIM Components
How CA ControlMinder Service Accounts Interact with PIM Components
The numbers in the diagram correspond to the following service accounts:
  1. RDBMS_service_user
    This account authenticates communication between the Enterprise Management Server and the RDMBS.
    This account is not named RDBMS_service_user. You specify the name of this account when you create a user to prepare the database for the Enterprise Management Server.
  2. guest
    This account is the JNDI connection account that locates the message queue in the Message Queue server.
    You can change the JNDI connection account after installation.
  3. reportserver
    This account lets the DMS and the Enterprise Management Server log in to the Message Queue.
  4. +reportagent
    This account lets an endpoint log in to the Message Queue.
  5. +policyfetcher
    This account executes the policyfetcher daemon or service on the endpoint.
  6. +devcalc
    This account executes the policy deviation calculation on the endpoint.
  7. ac_entm_pers
    This account authenticates communication between the Enterprise Management Server and the DMS.
  8. ADS_LDAP_bind_user
    This account lets CA ControlMinder Enterprise Management perform LDAP queries against Active Directory.
    This account is not named ADS_LDAP_bind_user. The name of this account is the User DN that you specify in the Active Directory Settings wizard page when you install CA ControlMinder Enterprise Management.