Authorize access to administrative roles

 

+

Search Tips   |   Advanced Search

 

 

You can assign users and groups to administrative roles to identify users who can perform WAS administrative functions.

Administrative roles enable you to control access to WAS administrative functions.

• Before you assign users to administrative roles, set up your user registry.

• The following steps are needed to assign users to administrative roles.

 

Overview

You use the console to assign users and groups to administrative roles and to identify users who can perform WAS administrative functions.

 

Procedure

1. Click Users and Groups. Click either Administrative User Roles or Administrative Group Roles.

2. To add a user or a group, click Add on the Console users or Console groups panel.

3. To add a new administrator user, enter a user identity in the User field, highlight Administrator, and click OK. If there is no validation error, the specified user is displayed with the assigned security role.

4. To add a new administrative group, either enter a group name in the Specify group field or select EVERYONE or ALL AUTHENTICATED from the Special subject menu, highlight Administrator, and click OK. If no validation error occurs, the specified group or special subject is displayed with the assigned security role.

5. To remove a user or group assignment, click Remove on the Console Users or the Console Groups panel. On the Console Users or the Console Groups panel, select the check box of the user or group to remove and click OK.

6. To manage the set of users or groups to display, click Show filter function on the User Roles or Group Roles panel. In the Search term(s) box, type a value, then click Go. For example, user* displays only users with the user prefix.

7. After the modifications are complete, click Save to save the mappings.

8. Restart the appserver for changes to take effect.

9. Shut down the nodes, node agents, and the deployment manager.

10. Verify that Java processes are not running. If they are running, discontinue these processes.

11. Restart the deployment manager.

12. Resynchronize the nodes.

    To resynchronize the nodes, run...

    install_root/bin/syncNode

    ...for each node.

13. Restart the nodes.

    install_root/bin/startNode

14. Start any clusters, if applicable.

 

What to do next

After you assign users to administrative roles, restart the Deployment Manager for the new roles to take effect. However, the administrative resources are not protected until you enable security.

---

Administrative user roles settings and CORBA naming service user settings
Administrative group roles and CORBA naming service groups
Assigning users to naming roles
Propagating administrative role changes to Tivoli Access Manager
migrateEAR utility for Tivoli Access Manager

 

Related concepts

Role-based authorization
Access control exception
Administrative roles and naming service authorization

 

Related tasks

Assigning users and groups to roles
Assigning users to RunAs roles
Authorizing access to resources

 

Related Reference

syncNode command
startNode command