Network Deployment (Distributed operating systems), v8.0 > Set up the application serving environment > Administer nodes and resources > Administer stand-alone nodes using the admin agent
Administrative agent security
In a flexible management environment, a user ID must have the required authorization to use the admin agent and to work with registered nodes.
Required security roles
You need the following roles to use the admin agent:
Required security roles for admin agent tasks. Roles include administrator and roles required for the operation or node.
Administrative tasks Required security roles Register or unregister a base (stand-alone) node with the admin agent administrator Work with the admin agent: Administrative roles required for the operation being performed Work with the administrative subsystem, such as registered nodes Administrative roles required for the registered base node
Same security domain configuration
The admin agent supports a security configuration where all the cells in the topology share the same user registry, and therefore, the same security domain.
For the admin agent topology, when a user logs in to the JMX connector port of an administrative subsystem, or chooses the registered node from the administrative console, the authorization table for the chosen node is used.
For example, suppose two stand-alone application servers, Node1 and Node2, are registered with an admin agent. User1 is authorized as administrator for Node1, but is not authorized for Node2. User2 is authorized as configurator for Node2, but is not authorized for Node1. User1 can administer, operate and configure Node1 and its resources. User2 can monitor and configure Node2 and its resources. Only User1 can register or unregister a node, Node1, with the admin agent.
Do not use DMZ proxy New feature:
A DMZ proxy does not work with the admin agent when security is enabled. Keep security enabled and do not use the admin agent in a DMZ proxy environment.
Job manager security
Administrative agent
Administrative roles
Administer nodes remotely using the job manager
Administer jobs in a flexible management environment using wsadmin.sh
Administer nodes and resources
Task overview: Securing resources