Administrative roles for business level applications


The Java™ 2 Platform, Enterprise Edition (J2EE) role-based authorization concept is extended to protect the WAS administrative subsystem. This protection applies to those admin roles associated with business level applications.

Deploy business level applications on a server configured to hold business level applications requires a number of administrative roles defined to provide degrees of authority when performing certain admin functions from either the Web-based admin console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.

The following table describes the system management scripting command used for business level applications and the corresponding admin role that is required in using the command:

Business level application - admin roles
Command Role Required
startBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
stopBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
createEmptyBLA Cell configurator, Cell deployer
editBLA Cell configurator, Cell deployer, BLA deployer
viewBLA Cell monitor, BLA monitor
listBLAs Cell monitor, BLA monitor(s)
deleteBLA Cell configurator, Cell deployer, BLA developer
importAsset Cell configurator, Cell deployer
editAsset Cell configurator, Cell deployer, Asset deployer
viewAsset Cell monitor, Asset monitor(s)
listAssets Cell monitor, Asset monitor
exportAsset Cell monitor, Asset monitor
deleteAsset Cell configurator, Cell deployer, Asset deployer
updateAsset Cell configurator, Cell deployer, Asset deployer
addCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA to add the composition unit)

+ Asset-deployer (for the asset to create the composition unit from)

+ Target-deployer (for each target the composition unit is deployed to)

+ Relationship-deployer (for each relationship the composition unit depends on that will result in creating a composition unit from the dependency asset)

editCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)

+ Target deployer (for each target that this composition unit is deployed to)

viewCompUnit Cell monitor, BLA monitor
listCompUnit Cell monitor, BLA monitor
deleteCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)

+ Target deployer (for each target that this composition unit is deployed to)

setCompUnitTargetAutoStart Cell configurator, Cell deployer
listControlOps Cell monitor, BLA monitor
getBLAStatus Cell monitor, BLA monitor
  Where:

  • BLA deployer specifies the deployer role for the BLA that is being managed.

  • BLA monitor specifies the monitor role for the BLA that is being managed.

  • BLA operator specifies the operator role for the BLA that is being managed.
  • Asset deployer specifies the deployer role for the asset that is being managed.
  • Asset monitor specifies the monitor role for the asset that is being managed.

  • Target deployer specifies the deployer for the target that the composition unit is being deployed to.

  • Target operator specifies the operator role for the target that the composition unit is being deployed to.





 

Related concepts


Administrative roles and naming service authorization

 

Related tasks


Deploy business-level applications

 

Related


BLAManagement
Administrative roles