IBM BPM, V8.0.1, All platforms > Install IBM BPM > IBM BPM Advanced for z/OS: Process Server > Configure IBM BPM Advanced for z/OS: Process Server > Configure components > Configure additional components > Configure Process Portal > Configure the Business Space component for Process Portal

Set up security for the Business Space component and Process Portal

If you are using Process Portal with your environment, you must consider security options for the Business Space component.

If you want to turn on security, set up application security and designate a user repository. To define administrators, assign a Business Space superuser role.

For best results, enable security before you configure the Business Space component.

If you enable security later, use the administrative console Global security administration page, to enable both administrative security and application security. On the same administrative console page, you also can designate a user account repository, including changing from the default federated repositories option to another user repository. To designate which users can perform administrator actions in Process Portal, assign the Business Space superuser role. Other security configuration might be needed for your specific environment.

Important: By default, the Ajax proxy configuration used with widgets does not restrict access to any IP addresses. For convenience, the Ajax proxy is configured by default to be open, which is not secure for production scenarios. To configure the Ajax proxy so that it displays only content from selected sites or blocks content from selected sites, follow the steps at Blocking IP addresses using the Business Space Ajax proxy.

If you want Process Portal to run inside an HTML frame, complete the steps in Enabling Process Portal to run in an HTML frame.

• Enabling security for the Business Space component
  

  If you expect to use a secured environment, enable security before you configure Process Portal. However, if needed, you can enable security manually later. To turn on security for Process Portal you must enable both application security and administrative security for the Business Space component.

• Selecting the user repository for Process Portal
  The federated repositories option is the default user account repository option for profiles. You can change the type of user account repository if needed for your environment.
• Set up SSO and SSL for Process Portal
  For remote environments where Process Portal and your product server are in different cells, set up single-sign-on (SSO) and Secure Sockets Layer (SSL) configuration manually.
• Designating HTTP or HTTPS settings for Process Portal
  The Business Space component is configured to be accessed by HTTPS by default. You can change the protocol from the default or back to the default by running a script.
• Set up security for system REST services
  To set up security for the data in the widgets based on users and groups, you must modify the users that are mapped to the REST services gateway application.
• IBM BPM widget security considerations
  Depending on the widgets you use in Process Portal for your product, you might assign either administrative user group roles to control access to data in a widget, or you might assign an additional layer of role-based access for your widget.
• Assigning the superuser role
  

  You can assign users to be superusers (or Process Portal administrators). A superuser can view, edit, and delete all spaces and pages, can manage and create templates, and can change ownership of a space by changing the owner ID.

• Assigning the superuser by user group
  

  You can assign users to be superusers (or Process Portal administrators) based on user groups.

• Preventing users from creating spaces
  

  You can customize IBM BPM so that only users logging in with a superuser role can create spaces.

• Enabling searches for user registries without wildcards
  

  If your user registry is set up to not use wildcards, complete additional configuration steps so that searches work properly in Process Portal and for widgets that search the user registry.

Configure the Business Space component for Process Portal

Related tasks:
Configure the Business Space component for Process Portal

Related information:

WebSphere Application Server security documentation
Configure Lightweight Directory Access Protocol search filters
Manage the realm in a federated repository configuration
Selecting a registry or repository