Like all processes, the AccuRev Server and AccuRev Database Server processes have an operating-system user identity. It should be a unique user identity, not used by any other program. This helps to ensure that no other user or process has access to the repository.
CAUTION: The AccuRev Database Server cannot be run as the
root user. In addition, do not attempt to run the AccuRev Server as
root. Some user-supplied trigger scripts run under the operating-system identity of the AccuRev Server, which poses a significant security risk. (See
Trigger Script Execution and User Identities on page 92.)
We suggest that you create an operating-system user named acserver, belonging to a group named
acgroup. (Any similar names will do.) Only the AccuRev Server should run as
acserver.
For emergency “manual” access to the repository, you can create another user identity — say, acadmin — and place that user in the same group,
acgroup. You can configure UNIX/Linux-level auditing and place other appropriate controls on this account; this leaves the
acserver account (and thus, the AccuRev Server process) unencumbered by such controls.
The AccuRev Server and AccuRev Database Server run as Windows services. By default, these services run as the built-in local user named
System. This user identity must have access to the AccuRev executables (
bin) directory and to the repository. See
Repository Access Permissions on page 1.
You can use the Services control panel to configure the services to run under another identity (“account”).