Update console users and groups

 


 

 

Overview

Additions and changes to console users and groups are not automatically added to the Tivoli Access Manager object space once the Tivoli Access Manager Java Authorization Contract for Containers (JACC) provider is configured. Changes to console users and groups are saved in the admin-authz.xml file, and this file must be migrated before any changes take effect. The Tivoli Access Manager JACC provider includes a migration utility, migrateEAR, for incorporating console user and group changes into the Tivoli Access Manager object space.

Note: The migrateEAR utility migrates changes made to console users and groups after the Tivoli Access Manager JACC provider has been configured. It does not need to be run for changes and additions to console users and groups made before the Tivoli Access Manager JACC provider was configured, because those changes (made to admin-authz.xml) are migrated automatically at configuration time. Nor does the migration tool need to be run before deploying standard J2EE applications; J2EE application policy deployment is also performed automatically.

To migrate admin-authz.xml:

  1. Before executing the migrateEAR utility, set up the environment by running setupCmdLine.bat or setupCmdLine.sh, located in the installation/bin directory.

  2. Verify the WAS_HOME environment variable is set to the WAS installation directory.

  3. cd ${WAS_HOME}/bin/

  4. Run the migrateEAR utility to migrate the data contained in admin-authz.xml. Use the parameter descriptions listed in The Tivoli Access Manager migrateEAR utility. For example:

    migrateEAR -j install_dir/profiles/profile/config/cells/cell/admin-authz.xml
               -a sec_master 
               -p password 
               -w wsadmin 
               -d o=ibm,c=us
               -c file:/install_dir/java/jre/PdPerm.properties
    

    A status message is displayed when the migration completes. Output of the utility is logged to the file pdwas_migrate.log, created in the directory where the utility is run. Check the log file after each migration. If the log file displays errors, check the last recorded transaction, correct the source of the error, and rerun the migration utility. If the migration is unsuccessful, verify that you supplied the correct values for the -c and -j options.

  5. WebSphere Application Server does not require a restart for the changes to take effect.
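
The procedure above names the -c and -j values as the first things to verify after a failed migration, so the following added example (not part of the original page and not IBM's code) checks them, along with WAS_HOME, before migrateEAR is started. The function names are hypothetical, and the utility is invoked as `./migrateEAR`, the name the page uses.

```sh
#!/bin/sh
# Added example (not IBM's code); function names are hypothetical.
# Run setupCmdLine.sh (step 1) in this shell first so WAS_HOME is set.

# Turn the file: URL given to -c into a local path; reject anything else.
props_url_to_path() {
    case "$1" in
        file://*) printf '%s\n' "${1#file://}" ;;
        file:/*)  printf '%s\n' "${1#file:}" ;;
        *)        return 1 ;;
    esac
}

# Check the preconditions of steps 2-4. $1 = -j path, $2 = -c URL.
# Prints every problem found; returns 0 only when none were found.
preflight() {
    authz=$1; props_url=$2; rc=0
    if [ -z "${WAS_HOME:-}" ] || [ ! -d "$WAS_HOME/bin" ]; then
        echo "WAS_HOME is unset or has no bin directory" >&2; rc=1
    fi
    case "$authz" in
        /*/admin-authz.xml) ;;  # absolute, because the run does cd first
        *) echo "-j must be an absolute path to admin-authz.xml: $authz" >&2; rc=1 ;;
    esac
    [ -r "$authz" ] || { echo "-j file not readable: $authz" >&2; rc=1; }
    if props=$(props_url_to_path "$props_url"); then
        [ -r "$props" ] || { echo "-c file not readable: $props" >&2; rc=1; }
    else
        echo "-c must be a file: URL: $props_url" >&2; rc=1
    fi
    return "$rc"
}

# Run migrateEAR only after the preflight passes. The password is read from
# the terminal so it stays out of shell history and script files; it is still
# handed to -p as in the page's example.
# $1 = -j path, $2 = -c URL, $3 = -a user, $4 = -w user, $5 = -d suffix.
run_migration() {
    preflight "$1" "$2" || return 1
    printf 'Password for %s: ' "$3" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    ( cd "$WAS_HOME/bin" && ./migrateEAR -j "$1" -a "$3" -p "$pw" \
        -w "$4" -d "$5" -c "$2" )
    status=$?
    echo "Check $WAS_HOME/bin/pdwas_migrate.log before relying on the result" >&2
    return "$status"
}
```

Because the run changes into `${WAS_HOME}/bin` first, pdwas_migrate.log is created there.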