IBM BPM, V8.0.1, All platforms
Enabling security for the Business Space component
If you expect to use a secured environment, enable security before you configure Process Portal. However, if needed, you can enable security manually later. To turn on security for Process Portal, you must enable both application security and administrative security for the Business Space component.
Before you complete this task, you must have completed the following tasks:
- Check that your user ID is registered in the user registry for your product.
The Business Space component is preconfigured to ensure authentication and authorization of access. Users are prompted to authenticate when accessing Process Portal URLs. Unauthenticated users are redirected to a login page.
The Business Space component is configured to be accessed by HTTPS by default. If you prefer HTTP because Process Portal is already behind a firewall, you can switch to HTTP by running the configBSpaceTransport.py script. The configBSpaceTransport.py script has parameters to switch to either HTTP or HTTPS if you want to change from a previous setting. See Designating HTTP or HTTPS settings for Process Portal.
To enable authenticated access to Process Portal, you must have a user registry configured and application security enabled. Authorization to spaces and page content is handled internally as part of managing spaces.
Procedure
- For complete instructions on security, see the security documentation for your product.
- For the Business Space application, on the Global security administrative console page, select both Enable administrative security and Enable application security.
- If you want to enable or remove security after you have configured the Business Space component with your IBM BPM profile, you must modify the noSecurityAdminInternalUserOnly property in the ConfigService.properties file.
The noSecurityAdminInternalUserOnly property specifies the administrator ID for Process Portal when security is disabled. By default, Business Space configuration sets the property to BPMAdministrator if security is disabled. When security is enabled, by default this property is set to the application server admin ID. If you want to enable or remove security after you have configured the Business Space component, use the application server admin ID.
- Set the noSecurityAdminInternalUserOnly property in the ConfigService.properties file to the application server admin ID. The file is located at profile_root\BusinessSpace\node_name\server_name\mm.runtime.prof\config\ConfigService.properties for a stand-alone server or deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\config\ConfigService.properties for a cluster.
- Run the updatePropertyConfig command using the wsadmin scripting client.
Important: For Windows, the value for the propertyFileName parameter must be the full path to the file, and all backslashes must be double, for example:
    AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name -propertyFileName "profile_root\\BusinessSpace\\node_name\\server_name\\mm.runtime.prof\\config\\ConfigService.properties" -prefix "Mashups_"]')
- For a stand-alone server:
The following example uses Jython:
    AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name -propertyFileName "profile_root\BusinessSpace\node_name\server_name\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"]')
    AdminConfig.save()
The following example uses Jacl:
    $AdminTask updatePropertyConfig {-serverName server_name -nodeName node_name -propertyFileName "profile_root\BusinessSpace\node_name\server_name\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"}
    $AdminConfig save
- For a cluster:
The following example uses Jython:
    AdminTask.updatePropertyConfig('[-clusterName cluster_name -propertyFileName "deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"]')
    AdminConfig.save()
The following example uses Jacl:
    $AdminTask updatePropertyConfig {-clusterName cluster_name -propertyFileName "deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"}
    $AdminConfig save
- Restart the server.
- Log in to Process Portal and reassign the owners of the default spaces to the new administrator ID.
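The property edit and the wsadmin statement from the procedure above, as an added example that is not IBM's code: a stand-alone Python helper (run outside wsadmin) that reads and rewrites noSecurityAdminInternalUserOnly and builds the Jython statement with the doubled backslashes the Important note requires. The sample file content, the admin ID wasadmin, and the paths, server and node names are constructed assumptions.

```python
import re

PROP = "noSecurityAdminInternalUserOnly"
_LINE = re.compile(r"\s*" + re.escape(PROP) + r"\s*[=:]\s*(.*)$")

# Constructed sample content, not a real ConfigService.properties file.
SAMPLE = (
    "# constructed sample\n"
    "some.other.setting=1\n"
    "noSecurityAdminInternalUserOnly = BPMAdministrator\n"
)

def read_admin_id(text):
    """Return the effective value (last definition wins), or None if unset."""
    value = None
    for line in text.splitlines():
        m = _LINE.match(line)  # comment lines (# or !) never match
        if m:
            value = m.group(1).strip()
    return value

def set_admin_id(text, admin_id):
    """Replace every definition of the property; append one if none exists."""
    lines = text.splitlines()
    hits = [i for i, line in enumerate(lines) if _LINE.match(line)]
    for i in hits:
        lines[i] = "%s=%s" % (PROP, admin_id)
    if not hits:
        lines.append("%s=%s" % (PROP, admin_id))
    return "\n".join(lines) + "\n"

def update_command(property_file, server=None, node=None, cluster=None):
    """Build the Jython statement for wsadmin, doubling backslashes as the
    Important note requires for Windows paths."""
    if cluster:
        target = "-clusterName %s" % cluster
    elif server and node:
        target = "-serverName %s -nodeName %s" % (server, node)
    else:
        raise ValueError("give cluster, or both server and node")
    path = property_file.replace("\\", "\\\\")
    return ("AdminTask.updatePropertyConfig('[%s -propertyFileName \"%s\" "
            "-prefix \"Mashups_\"]')" % (target, path))

if __name__ == "__main__":
    updated = set_admin_id(SAMPLE, "wasadmin")  # wasadmin: hypothetical admin ID
    print(read_admin_id(SAMPLE), "->", read_admin_id(updated))
    print(update_command(r"C:\prof\BusinessSpace\n1\s1\mm.runtime.prof\config"
                         r"\ConfigService.properties", server="s1", node="n1"))
```

Run AdminConfig.save() after the generated statement, as in the examples above.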
What to do next
- After the administrative security and application security are turned on, you receive a prompt for a user ID and password when you log in to Process Portal.
You must use a valid user ID and password from the selected user registry in order to log on. After you turn on administrative security, whenever you return to the administrative console, you must log in with the user ID that has administrative authority.
- If you want to change the user account repository from the default for your product profile, follow the steps in Selecting the user account repository for Process Portal.
- If you have a cross-cell environment where Process Portal is remote from where IBM BPM is running, and the nodes are not in the same cell, set up single-sign-on (SSO) and SSL certificates. Follow the instructions in Set up SSO and SSL for Process Portal.
- To designate who can perform administrator actions in the Process Portal environment, see Assigning the superuser role.