Operating Systems: i5/OS
Personalize the table of contents and search results
Authorizing access to administrative roles
You can assign users and groups to administrative roles to identify
users who can perform WebSphere Application Server administrative functions.
Administrative roles enable you to control access to WebSphere
Application Server administrative functions. Refer to the descriptions of
these roles in Administrative roles.
- Before you assign users to administrative roles, set up your
user registry. For information on the supported registry types, see Selecting
a registry or repository.
- The following steps are needed to assign users to administrative roles.
Overview
You use the administrative console
to assign users and groups to administrative roles and to identify users who
can perform WebSphere Application Server administrative functions. In the
administrative console,
Procedure
- Click Users and Groups. Click either Administrative User
Roles or Administrative Group Roles.
- To add a user or a group, click Add on the Console users
or Console groups panel.
- To add a new administrator user, enter a user identity in the User
field, highlight Administrator, and click OK. If there is no
validation error, the specified user is displayed with the assigned security
role.
- To add a new administrative group, either enter a group name in
the Specify group field or select EVERYONE or ALL AUTHENTICATED from
the Special subject menu, highlight Administrator, and click OK.
If no validation error occurs, the specified group or special subject is displayed
with the assigned security role.
- To remove a user or group assignment, click Remove on the
Console Users or the Console Groups panel. On the Console Users or the Console
Groups panel, select the check box of the user or group to remove and click OK.
- To manage the set of users or groups to display, click Show
filter function on the User Roles or Group Roles panel. In the Search
term(s) box, type a value, then click Go. For example, user* displays
only users with the user prefix.
- After the modifications are complete, click Save to save
the mappings.
- Restart the application server for changes to take effect.
- Shut down the nodes, node
agents, and the deployment manager.
- Verify that Java processes
are not running. If they are running, discontinue these processes.
- Restart the deployment
manager.
- Resynchronize the nodes.
To resynchronize the nodes, run the install_root/bin/syncNode script
from the Qshell command line for each node. For more information, see the syncNode command in the
documentation.
- Restart the nodes. To
restart the nodes, run the install_root/bin/startNode script
from the Qshell command line for each node. For more information, see the startNode command in the
documentation.
- Start any clusters, if
applicable.
}
Administrative user roles settings
and CORBA naming service user settings
Administrative group roles and CORBA naming service groups
Assigning users to naming roles
Propagating administrative role changes to Tivoli Access Manager
migrateEAR utility for Tivoli Access Manager
Related concepts
Role-based authorization
Access control exception
Administrative roles and naming service
authorization
Related tasks
Assigning users and groups to roles
Assigning users to RunAs roles
Authorizing access to resources
|