Network Deployment (Distributed operating systems), v8.0 > Administer applications and their environment > Administer the batch environment > Administer the batch environment > Configure the job scheduler > Secure the job scheduler using roles
Run batch jobs under user credentials
This topic explains how to allow batch jobs to run under credentials of the user when WebSphere security is enabled.
The RUN_JOBS_UNDER_USER_CREDENTIAL variable allows users to enable or disable batch jobs to run under credentials of the user. When the job is dispatched to the endpoint, the batch container switches the credentials of the server to the credentials of the user. The credentials of the server are in the job step thread.
RUN_JOBS_UNDER_USER_CREDENTIAL can be created at any scope level and accepts values true or false. The default is false, which means that batch jobs run under server credentials.
When Java 2 Security is enabled, your batch applications must grant the following two permissions in the WAS.policy file of the application:
- permission com.ibm.websphere.security.WebSphereRuntimePermission "SecOwnCredentials"
- permission com.ibm.websphere.security.WebSphereRuntimePermission "ContextManager.getServerCredential"
The following steps describe how to create the custom property to enable or disable batch jobs to run under the credentials of a user after logging on to the admin console:
Procedure
- Click Environment > WebSphere Variables
- Select a configuration scope, then click New. The general properties panel opens.
- Type RUN_JOBS_UNDER_USER_CREDENTIAL in the Name field.
- Type True or False to enable or disable jobs to run under user credential.
- Click OK, then click Save.
What to do next
Stop and start the server where the batch execution environment is installed.
Command-line interface
Roles and privileges for securing the job scheduler
Secure the job scheduler using roles