In order to run and manage the Gateway application, users must possess a specific set of permissions.

When starting the application, the role of the principal passed in the configuration should have REGISTER_HANDLER permission. This is required, so that the principal used to create the Diffusion session can register itself as a Gateway client.

To view the Gateway application in the Diffusion Management Console, the principal used to log into the console should have VIEW_SERVER permission.

In addition, to be able to control/operate Gateway application from the Console, the principal used to log in the console should also have CONTROL_SERVER permission.

In addition to these, the ACQUIRE_LOCK permission is required by default to allow other instances of the application with the same application type and ID to be initialised as passive instances. This means that if more than one instance of the application is started with the same application type and ID, only one will be active while the other remains passive, enabling failover. If the active instance shuts down for any reason, a passive instance will become active and takes over the publication and/or subscription to Diffusion topics. However, this feature is configurable using the allowPassiveInstances configuration parameter.