Automating authorization group configurations using the scripting library

The scripting library provides Jython script procedures to assist in automating the environment. Use the authorization groups scripts create, configure, remove and query the authorization group configuration.

Before we can complete this task, install an application server in the environment.

The scripting library provides a set of procedures to automate the most common appserver administration functions. There are three ways to use the Jython script library.

The authorization group management procedures in scripting library are located in...


Each script from the directory automatically loads when you launch wsadmin. To automatically load the own Jython scripts (*.py) when wsadmin starts, create a new subdirectory and save existing automation scripts under the WAS_HOME/scriptLibraries directory.

Best practice: To create custom scripts using the scripting library procedures, save the modified scripts to a new subdirectory to avoid overwriting the library. Do not edit the script procedures in the scripting library

Use the scripts to perform multiple combinations of authorization group administration functions. This topic provides one sample combination of procedures. Use the following steps to create an authorization group, adds resources to the group, and assigns user roles.


  1. Launch wsadmin using Jython.

    Use this step to launch wsadmin and connect to a server. If we launch wsadmin, use the interactive mode examples in this topic to run scripts. Alternatively, we can run each script individually without launching wsadmin.

    • Enter the following command from the bin directory to launch the wsadmin tool and connect to a server:

      bin>wsadmin -lang jython

    When wsadmin launches, the system loads each script from the scripting library.

  2. Create an authorization group. Use the createAuthorizationGroup script to create a new authorization group in the configuration, as the following example demonstrates:

    bin>wsadmin -lang jython -c "AdminAuthorizations.createAuthorizationGroup("myAuthGroup")"

    We can also use interactive mode to run the script procedure...


  3. Add resources to the new authorization group. Use the addResourceToAuthorizationGroup script to add resources. We can create a file-grained admin authorization groups by selecting administrative resources to be part of the authorization group, as the following example demonstrates:

    bin>wsadmin -lang jython -c "AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")"

    We can also use interactive mode to run the script procedure, as the following example demonstrates:

    wsadmin>AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")

  4. Assign users to the admin role for the authorization group.

    Use the mapUsersToAdminRole script to assign one or more users to the admin role for the resources in the authorization group. You can assign users for the authorization group to the administrator, configurator, deployer, operator, monitor, adminsecuritymanager, and iscadmins administrative roles.

    The following example maps the user01, user02, and user03 users as administrators for the resources in the authorization group:

    bin>wsadmin -lang jython -c "AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")"

    We can also use interactive mode to run the script procedure...

    wsadmin>AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")



The wsadmin script libraries return the same output as the associated wsadmin commands. For example, the AdminServerManagement.listServers() script returns a list of available servers. The AdminClusterManagement.checkIfClusterExists() script returns a value of true if the cluster exists, or false if the cluster does not exist. If the command does not return the expected output, the script libraries return a 1 value when the script successfully runs. If the script fails, the script libraries return a -1 value and an error message with the exception. By default, the system disables failonerror option. To enable this option, specify true as the last argument for the script procedure, as the following example displays:



What to do next

Create custom scripts to automate the environment by combining script procedures from the scripting library. Save custom scripts to a new subdirectory of the WAS_HOME/scriptLibraries directory.

Authorization group configuration scripts


Related concepts

Administrative roles and naming service authorization
Role-based authorization


Related tasks

Use the script library to automate the application serving environment
Create a fine-grained admin authorization group