Express (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository > Virtual member manager > Troubleshoot and Support > Support issues and limitations > Groups and membership issues and limitations
Disable nested group searches
Follow these steps to disable nested group searches when logging on to WAS.
If we have several nested groups, to improve performance you might not want to retrieve all of the nested groups during login.
To disable nested group searches, at the wsadmin command prompt, run:
wsadmin>$AdminTask configureAdminWIMUserRegistry {-customProperties {"com.ibm.ws.wim.registry.grouplevel=1"} }The custom property, com.ibm.ws.wim.registry.grouplevel is added to the user registry object. The value of the group level is set to 1, which retrieves only first level groups. If you do not set the value of the group level, the default value of 0 is used, which retrieves all nested groups.In WAS 6.1, the configureAdminWIMUserRegistry command is unavailable, hence manually edit the security.xml file and add the entry, <properties xmi:id="VMMURProperty_1" name="com.ibm.ws.wim.registry.grouplevel" value="1"/> as shown next. The security.xml file is located at: WAS_HOME\profiles\your_server_name
config\cells\your_cell\security.xml.
<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="uid=wasadmin,o=default organization" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"> <properties xmi:id="VMMURProperty_1" name="com.ibm.ws.wim.registry.grouplevel" value="1"/> </userRegistries>
Parent topic: Groups and membership issues and limitations