Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authorizing access to resources > Authorizing access to Java EE resources using Tivoli Access Manager > Enable an external JACC provider

Configure Tivoli Access Manager groups

Use the console to set security policies for WAS applications, based on entities stored in the user registry. TAM adds the accessGroup object class to the registry. Using the pdadmin utility, available on the TAM policy server host in the PD.RTE fileset, we create new groups.

1. Go to...
   Security | Global security | User account repository | Available realm definitions | Standalone LDAP registry | Configure | Additional properties | Advanced LDAP user registry settings

2. For Group Filter, set...
   (objectclass=accessGroup)

   For example...

   (&(cn=%w)(|(objectclass=groupOfNames)
   (objectclass=groupOfUniqueNames)
   (objectclass=accessGroup)))

3. For Group Member ID Map, set...

   accessGroup:member

   For example...

   groupOfNames:member;groupOfUniqueNames:uniqueMember;
   accessGroup:member

4. Stop and restart WAS.

Related

Role-based security with embedded TAM
Enable an external JACC provider

+

Search Tips   |   Advanced Search