IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced for z/OS: Process Server > Configure IBM BPM Advanced for z/OS: Process Server > Configure components > Configure additional components > Configure Process Portal > Configure the Business Space component for Process Portal > Set up security for the Business Space component and Process Portal

Preventing users from creating spaces

You can customize IBM BPM so that only users logging in with a superuser role can create spaces.

By default, all users can create spaces. However, you can lock down Process Portal so that only people who log in using a superuser ID can create or import spaces.

The lock-down procedure described in this topic applies only to Process Portal spaces. It does not restrict other access to Process Portal.

These superusers (or Process Portal administrators) can create a space and transfer ownership to other users. The users who are assigned ownership of spaces can then administer the spaces as if they had created them.

For example, they can set who can view and edit the space and its properties and they can add pages. Other than the superuser role, you cannot define groups or individual users who are allowed to create spaces.

To limit creating spaces to superusers only, complete the following steps.

Procedure

1. Change the com.ibm.mashups.lockeddown setting to true in the configuration file:

   • For a stand-alone server: profile_root\BusinessSpace\ node_name\ server_name\mm.runtime.prof\config\ConfigService.properties

   • For a cluster: deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\config\ConfigService.properties

   The default value of false means that all users can create spaces. When the value is true, only superusers can create spaces.

2. Run the updatePropertyConfig command in the wsadmin environment of the profile:

   • For a stand-alone server:

     The following example uses Jython:

     AdminTask.updatePropertyConfig('[-serverName  server_name -nodeName  node_name 
     -propertyFileName " profile_root\BusinessSpace\ node_name\ server_name
     \mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"]')
     AdminConfig.save()

     Important: For Windows, the value for the propertyFileName parameter must be the full path to the file, and all backslashes must be double, for example: AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name -propertyFileName " profile_root\\BusinessSpace\\ node_name\\ server_name\\mm.runtime.prof\\config\\ConfigService.properties" -prefix "Mashups_"]').

     The following example uses Jacl:

     $AdminTask updatePropertyConfig {-serverName  server_name -nodeName  node_name
      -propertyFileName " profile_root\BusinessSpace\ node_name\ server_name
     \mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"} $AdminConfig save

   • For a cluster:

     The following example uses Jython:

     AdminTask.updatePropertyConfig('[-clusterName  cluster_name -propertyFileName
      " deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\
     config\ConfigService.properties" -prefix "Mashups_"]')
     AdminConfig.save()

     The following example uses Jacl:

     $AdminTask updatePropertyConfig {-clusterName  cluster_name -propertyFileName
      " deployment_manager_profile_root\BusinessSpace\ cluster_name\mm.runtime.prof\
     config\ConfigService.properties" -prefix "Mashups_"} $AdminConfig save

Results

The next time that users log into a Process Portal space, they will not be able to create a space unless they log in using a superuser ID.

Set up security for the Business Space component and Process Portal