Job manager security

When performing a job manager registration process there are a number of WAS security impacts to consider.

New feature: In WAS ND v7.0 flexible management has been introduced. It differs from the existing style of synchronous invocation and response calls through wsadmin or Java APIs by offering an asynchronous job queuing mechanism for administration purposes.

At the core of flexible management is a new administrative process called the job manager. We can make both appservers registered to administrative agents and dmgr servers known to the job manager through a registration process. After you register the servers, we can queue admin jobs directed at the appservers or dmgrs through the job manager. We can submit these jobs to a large number of servers over a geographically dispersed area.

Security considerations...

The required admin roles for executing flexible management jobs are defined by the underlying admin commands used by those jobs.

For example, the required role for starting and stopping servers is the operator role. The operator role is also required for execution of the flexible management jobs that start and stop servers.

The general rules for assigning required admin roles are:

Related concepts

RSA token authentication mechanism
Lightweight Third Party Authentication
Kerberos (KRB5) authentication mechanism support for security
Job manager
Job manager settings


Related tasks

Set the RSA token authentication mechanism
Set admin authentication
Administer nodes using the job manager
Set job managers



Administrative roles
Job status collection