These default users are installed with the Stewardship Tier:
The Administrator user has full access to all delivered webapps and pages. The password for it is set during the Stewardship Tier installation process (example from step 20 in this section of the 7.4.5 install manual). This user should never be expired or disabled.
The Anonymous user may be used in anonymous authentication for workflow links. However, the standard Stewardship Tier configuration doesn't use this feature. This means expiring or disabling the Anonymous user will only be a problem if a custom webapp or custom page is using anonymous workflow links.
This query will show you if any custom webapp is currently using anonymous workflow links:
SELECT dbo.WebApp.WebAppName, dbo.Page.Description AS Page, dbo.PageEvent.Event, dbo.PageEventRule.LinkUserID
FROM dbo.WebApp INNER JOIN
dbo.Page ON dbo.WebApp.WebAppID = dbo.Page.WebAppID INNER JOIN
dbo.PageEvent ON dbo.Page.PageID = dbo.PageEvent.PageID INNER JOIN
dbo.PageEventRule ON dbo.PageEvent.PageID = dbo.PageEventRule.PageID AND dbo.PageEvent.Event = dbo.PageEventRule.Event
WHERE (dbo.PageEventRule.LinkUserID IS NOT NULL AND dbo.PageEventRule.LinkUserID <> N'14')
Specifying a User in Workflow Links
Each workflow event in the Stewardship Tier must use a SQL view to provide various values like [Subject], [Body], and [EmailTo].
In particular, the values provided for [EmailTo] will change the behavior of any Workflow Link in the email body. These are the 2 options:
- UserID - For example, if
Testing01is provided as the [EmailTo] value, then any Workflow Link will include Testing01's login information. This means that anybody who receives the Workflow Link (perhaps through a forwarded email) will be able to click the link and be taken directly to the page, automatically logged into the Stewardship Tier as
- The Stewardship Tier Development training guide calls this "Semi-anonymous"
- Generally, this is a questionable practice since users can inherit the security of another user and/or impersonate another user.
- EmailAddress - For example, if
Testing01@boatraining.comis provided as the [EmailTo] value, then any Workflow Link will not include login information. This means that anybody who clicks the link will be taken to the Stewardship Tier login screen first. As an exception, somebody who is already logged into the Stewardship Tier will be taken directly to the page as the currently logged in user.
- The Stewardship Tier Development (6.5) training guide calls this "Standard."
Specifying an Anonymous User in Workflow Links
If a [Link User ID] of the Anonymous user is specified in the design of the workflow event, then anybody who receives the Workflow Link (perhaps through a forwarded email) will be able to click the link and automatically log into the Stewardship Tier as that user. The Stewardship Tier Development training guide calls this "Anonymous" and it is generally preferred over the "Semi-anonymous" method, because an anonymous user typically has very limited permissions in the Stewardship Tier.
NOTE: any user on the Admin > Security > Users page with the [Anonymous] box checked can be used as the [Link User ID] value, but Anonymous is the user that the Stewardship Tier automatically delivers.
The Process user is used by the Stewardship Tier application to execute all scheduled background activity. This user should never be expired or disabled.
NOTE: any user specified as the [Service User ID] on the Admin > Configuration > Parameters > Service Options page can be used to execute all scheduled background activity, but Process is the user that the Stewardship Tier automatically delivers and that has the necessary webapp security.
The Search user is only an example and expiring or disabling it will not affect the Stewardship Tier application.
You might configure it with full access to all search and index pages (pages under Configuration > Search, Data Sources > Index, Resources > Bulk Duplicate Detection, and Resources > Monitor).
The Translator user is only an example and expiring or disabling it will not affect the Stewardship Tier application.
You might configure it with full access to all pages under Admin > Translations.