When processes require running as another user (RunAs User)
There are instances where processes – such as database scripts (not just SQL statements) and operating system commands – require running under a different user than the user, or the service account, that is running Flux.
Java provides no means to start processes as a different user than the one that started the Java virtual machine. Such a feature would be a security exposure and violates the architecture of Java.
In instances where a process requires the privileges granted a different user or service account, you have two choices:
- For running such processes on servers that support SSH (Unix, Linux, and Windows machines running a third-party SSH server like Bitvise Server), you can execute the process action using Flux’s SSH Command Action. This action allows you to specify a different user to run the command.
- Install a Flux Agent for each user account that is required. Configure each agent to start under the required user or service account and assign processes to agents based on the processes’ required privileges.
Note here that the Flux workflow itself will still run under the user or service account that starts Flux. Only individual process actions or SSH actions will run under the different user or service account.