IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced > Install IBM BPM Advanced > On Windows > Network deployment environment > Configure profiles and create an ND environment > Create an ND environment > Use the administrative console > Configure components > Configure additional components > Configure Process Portal > Configure the Business Space component for Process Portal > Set up security for the Business Space component and Process Portal

Assigning the superuser role

You can assign users to be superusers (or Process Portal administrators). A superuser can view, edit, and delete all spaces and pages, can manage and create templates, and can change ownership of a space by changing the owner ID.

Before you complete this task, you must have completed the following tasks:

• Enable application security and administrative security. See Enabling security for the Business Space component: .
• Check that your user ID is registered in the user registry for your product.

Assign the superuser role by using the following application server security role: Admin. Using this method gives you flexibility in assigning the role to any number of your organization's existing groups and users. It doesn't require the creation of an administrators group in the user registry for the sole purpose of acting as the focal point for the superuser.

If you already have a Business Space superuser assigned from an earlier version than V7.5, you can modify the superuser by user group instead. See Assigning the superuser by user group: .

Procedure

• If you are setting up administrators with the superuser role for the first time.

  1. Log in to the administrative console for your product.

  2. Click Applications > Application Types > WebSphere enterprise applications and select one of the following applications:
     • mm.was_ node_ server (for a stand-alone server environment)
     • mm.was_ cluster (for an ND environment)

  3. Click Security role to user/group mappings.

  4. Select the row for the Admin role, and click the Map Users button or the Map Groups button to map either users or groups to the Admin role.

  5. Click Save.
  6. Restart the server.

• If you previously assigned superusers based on user groups, and you want to switch to this simpler way to manage superusers by role.
  1. Open the configuration file.

     • For a stand-alone server: profile_root\BusinessSpace\ node_name\ server_name\mm.runtime.prof\config\ConfigService.properties

     • For a cluster: deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\config\ConfigService.properties

  2. Change the following property values in the configuration file as shown:

     com.ibm.mashups.adminGroupName = {com.ibm.mashups.J2EERole.Admin}

     com.ibm.mashups.widget.attributes.configure.groups=

  3. Run the updatePropertyConfig command in the wsadmin environment of the profile.

     Important: For Windows, the value for the propertyFileName parameter must be the full path to the file, and all backslashes must be double, for example: AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name -propertyFileName " profile_root\\BusinessSpace\\ node_name\\ server_name\\mm.runtime.prof\\config\\ConfigService.properties" -prefix "Mashups_"]').

     • For a stand-alone server:

       The following example uses Jython:

       AdminTask.updatePropertyConfig('[-serverName  server_name -nodeName  node_name 
       -propertyFileName " profile_root\BusinessSpace\ node_name\ server_name
       \mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"]')
       AdminConfig.save()

       The following example uses Jacl:

       $AdminTask updatePropertyConfig {-serverName  server_name -nodeName  node_name
        -propertyFileName " profile_root\BusinessSpace\ node_name\ server_name
       \mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"} $AdminConfig save

     • For a cluster:

       The following example uses Jython:

       AdminTask.updatePropertyConfig('[-clusterName  cluster_name -propertyFileName
        " deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\
       config\ConfigService.properties" -prefix "Mashups_"]')
       AdminConfig.save()

       The following example uses Jacl:

       $AdminTask updatePropertyConfig {-clusterName  cluster_name -propertyFileName
        " deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\
       config\ConfigService.properties" -prefix "Mashups_"} $AdminConfig save

  4. Restart the server.

  5. Use the previous procedure to assign users to the Business Space superuser roles.

Set up security for the Business Space component and Process Portal

Related tasks:
Enabling security for the Business Space component: