Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authorizing access to resources

Authorizing access to administrative roles

We can assign users and groups to administrative roles to identify users who can perform WAS administrative functions.

Administrative roles enable you to control access to WAS administrative functions. Refer to the descriptions of these roles in Administrative roles.

• Before you assign users to administrative roles, set up your user registry. For information on the supported registry types, see Select a registry or repository.
• The following steps are needed to assign users to administrative roles.

You use the administrative console to assign users and groups to administrative roles and to identify users who can perform WAS administrative functions. In the administrative console,

Procedure

1. Click Users and Groups. Click either Administrative User Roles or Administrative Group Roles.

2. To add a user or a group, click Add on the Console users or Console groups panel.

3. To add a new administrator user, follow the instructions on the page to specify a user, and select the Administrator role. Once the user is added to the Mapped to role list, click OK. The specified user is mapped to the security role.

4. To add a new administrative group, follow the instructions on the page to specify either a group name or a Special subject, highlight the Administrator role, and click OK. The specified group or special subject is mapped to the security role.

5. To remove a user or group assignment, click Remove on the Console Users or the Console Groups panel. On the Console Users or the Console Groups panel, select the check box of the user or group to remove and click OK.

6. To manage the set of users or groups to display, click Show filter function on the User Roles or Group Roles panel. In the Search term(s) box, type a value, then click Go. For example, user* displays only users with the user prefix.

7. After the modifications are complete, click Save to save the mappings.

8. Restart the application server for changes to take effect.
9. Shut down the nodes, node agents, and the dmgr.

10. Verify that Java processes are not running. If they are running, discontinue these processes.

11. Restart the dmgr.
12. Resynchronize the nodes.

    To resynchronize the nodes, run the install_root/bin/syncNode or the install_root/bin/syncNode.sh command for each node. Use the synchNode command.

13. Restart the nodes. To restart the nodes, run the install_root/bin/startNode or the install_root/bin/startNode.sh command for each node. Use the startNode command.

14. Start any clusters, if applicable.

What to do next

After you assign users to administrative roles, restart the Deployment Manager for the new roles to take effect. However, the administrative resources are not protected until you enable security.

Related

Administrative user roles settings and CORBA naming service user settings
Administrative group roles and CORBA naming service groups
Assign users to naming roles
Propagate administrative role changes to Tivoli Access Manager
migrateEAR utility for Tivoli Access Manager
Assign users from a foreign realm to the admin-authz.xml
Role-based authorization
Access control exception for Java 2 security
Administrative roles and naming service authorization
Assign users and groups to roles
Assign users to RunAs roles
Authorizing access to resources

Related

syncNode command
startNode command

+

Search Tips   |   Advanced Search