Network Deployment (Distributed operating systems), v8.0 > Reference > Jython script library


Authorization group configuration scripts

The scripting library provides multiple script procedures to automate the application server configurations. Use the scripts in this topic to create, configure, remove and query the security authorization group configuration. We can run each script individually or combine procedures to create custom automation scripts.

The AdminAuthorizations script procedures are located in...

WAS_HOME/scriptLibraries/security/V70

Use the following script procedures to configure authorization groups:

Use the following script procedures to remove users and groups from the security authorization settings:

Use the following script procedures to query the security authorization group configuration:



addResourceToAuthorizationGroup

This script adds a resource to an existing authorization group in your configuration. We can create a fine-grained administrative authorization groups by selecting administrative resources to be part of the authorization group. We can assign users or groups to this new administrative authorization group and also give them access to the administrative resources contained within.

addResourceToAuthorizationGroup argument descriptions. Run the script with the authorization group name and resource name to add a resource to an authorization group.

Argument Description
authGroupName Name of the authorization group of interest.
resource Name of the resource to add to the authorization group of interest.

Syntax

AdminAuthorizations.addResourceToAuthorizationGroup(authGroupName, resource)

Example usage

AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")


createAuthorizationGroup

This script creates a new authorization group in the configuration. Administrative authorization groups that specify users and groups that have certain authorities with the selected resources.

createAuthorizationGroup argument description. Run the script with the authorization group name argument to create an authorization group.

Argument Description
authGroupName Name of the authorization group to create.

Syntax

AdminAuthorizations.createAuthorizationGroup(authGroupName)

Example usage

AdminAuthorizations.createAuthorizationGroup("myAuthGroup")


mapGroupsToAdminRole

This script maps group IDs to one or more administrative roles in the authorization group. The name of the authorization group that provided determines the authorization table. The group ID can be a short name or fully qualified domain name in case LDAP (LDAP) user registry is used.

mapGroupsToAdminRole argument descriptions. Run the script with the authorization group name, administrative role, and group ID arguments.

Argument Description
authGroupName Name of the authorization group of interest.
adminRole Name of the administrative role to which the system maps the user IDs.
groupIDs Group IDs to map to the role and authorization group.

Syntax

AdminAuthorizations.mapGroupsToAdminRole(authGroupName, adminRole, groupIDs)

Example usage

AdminAuthorizations.mapGroupsToAdminRole("myAuthGroup", "administrator", "group01 group02 group03")


mapUsersToAdminRole

This script maps user IDs to one or more administrative roles in the authorization group. The name of the authorization group that provided determines the authorization table. The user ID can be a short name or fully qualified domain name in case LDAP user registry is used.

mapUsersToAdminRole argument descriptions. Run the script with the authorization group name, administrative role, and user ID arguments.

Argument Description
authGroupName Name of the authorization group of interest.
adminRole Name of the administrative role to which the system maps the user IDs.
userIDs User IDs to map to the role and authorization group.

Syntax

AdminAuthorizations.mapUsersToAdminRole(authGroupName, adminRole, userIDs)

Example usage

AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")


deleteAuthorizationGroup

This script removes an authorization group from the security configuration.

deleteAuthorizationGroup argument descriptions. Run the script with the authorization group argument.

Argument Description
authGroupName Name of the authorization group to delete.

Syntax

AdminAuthorizations.deleteAuthorizationGroup(authGroupName)

Example usage

AdminAuthorizations.deleteAuthorizationGroup("myAuthGroup")


removeGroupFromAllAdminRoles

This script removes a specific group from an administrative role in each authorization group in the configuration.

removeGroupFromAllAdminRoles argument description. Run the script with the group ID argument.

Argument Description
groupID Group ID to remove from the administrative role in each authorization group in the configuration.

Syntax

AdminAuthorizations.removeGroupFromAllAdminRoles(groupID)

Example usage

AdminAuthorizations.removeGroupFromAllAdminRoles("group01")


removeGroupsFromAdminRole

This script removes specific groups from an administrative role in the authorization group of interest.

removeGroupsFromAdminRole argument descriptions. Run the script with the authorization group name, administrative role, and group ID arguments.

Argument Description
authGroupName Name of the authorization group of interest.
adminRole Name of the administrative role from which to remove the user IDs.
groupIDs Group IDs to remove from the specific role in the authorization group.

Syntax

AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, groupIDs)

Example usage

AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "group01 group02 group03")


removeResourceFromAuthorizationGroup

This script removes a specific resource from the authorization group of interest.

removeResourceFromAuthorizationGroup argument descriptions. Run the script with the authorization group name and resource name arguments.

Argument Description
authGroupName Name of the authorization group of interest.
resource Name of the resource to remove.

Syntax

AdminAuthorizations.removeResourceFromAuthorizationGroup(authGroupName, resource)

Example usage

AdminAuthorizations.removeResourceFromAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")


removeUserFromAllAdminRoles

This script removes a specific user from an administrative role in each authorization group in the configuration.

removeUserFromAllAdminRoles argument description. Run the script with the user ID argument.

Argument Description
userID User ID to remove from the administrative role in each authorization group in the configuration.

Syntax

AdminAuthorizations.removeUserFromAllAdminRoles(userID)

Example usage

AdminAuthorizations.removeUserFromAllAdminRoles("user01")


removeUsersFromAdminRole

This script removes specific users from an administrative role in the authorization group of interest.

Table 10. removeUsersFromAdminRole argument descriptions. Run the script to remove users from an administrative role.

Argument Description
authGroupName Name of the authorization group of interest.
adminRole Name of the administrative role from which to remove the user IDs.
userIDs User IDs to remove from the specific role in the authorization group.

Syntax

AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, userIDs)

Example usage

AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "user01 user02 user03")


help

Table 11. help argument description. Run the help script to display the script procedures that the AdminClusterManagement script library supports. Specify the name of the script of interest.

Argument Description
script Name of the script of interest.

Syntax

AdminResources.help(script)

Example usage

AdminResources.help("listAuthorizationGroups")


listAuthorizationGroups

Display each authorization group in the security configuration. This script does not require arguments.

Syntax

AdminAuthorizations.listAuthorizationGroups()

Example usage

AdminAuthorizations.listAuthorizationGroups()


listAuthorizationGroupsForUserID

Display each authorization group to which a specific user ID has access.

Table 12. listAuthorizationGroupsForUserID argument description. Run the script with the user ID argument.

Argument Description
userID User ID for which to display authorization groups.

Syntax

AdminAuthorizations.listAuthorizationGroupsForUserID(userID)

Example usage

AdminAuthorizations.listAuthorizationGroupsForUserID("user01")


listAuthorizationGroupsForGroupID

Display each authorization group to which a specific group ID has access.

Table 13. listAuthorizationGroupsForGroupID argument description. Run the script with the group ID argument.

Argument Description
groupID Group ID for which to display authorization groups.

Syntax

AdminAuthorizations.listAuthorizationGroupsForGroupID(groupID)

Example usage

AdminAuthorizations.listAuthorizationGroupsForGroupID("group01")


listAuthorizationGroupsOfResource

Display each authorization group to which a specific resource is mapped.

Table 14. listAuthorizationGroupsOfResource argument description. Run the script with the resource name argument.

Argument Description
resource Resource of interest.

Syntax

AdminAuthorizations.listAuthorizationGroupsOfResource(resource)

Example usage

AdminAuthorizations.listAuthorizationGroupsOfResource("Node=myNode:Server=myServer")


listUserIDsOfAuthorizationGroup

Display the user IDs and access level that are associated with a specific authorization group.

Table 15. listUserIDsOfAuthorizationGroup argument description. Run the script with the authorization group name argument.

Argument Description
authGroupname Name of the authorization group of interest.

Syntax

AdminAuthorizations.listUserIDsOfAuthorizationGroup(authGroupName)

Example usage

AdminAuthorizations.listUserIDsOfAuthorizationGroup("myAuthGroup")


listGroupIDsOfAuthorizationGroup

Display the group IDs and access level that are associated with a specific authorization group.

Table 16. listGroupIDsOfAuthorizationGroup argument description. Run the script with the authorization group name argument.

Argument Description
authGroupname Name of the authorization group of interest.

Syntax

AdminAuthorizations.listGroupIDsOfAuthorizationGroup(authGroupName)

Example usage

AdminAuthorizations.listGroupIDsOfAuthorizationGroup("myAuthGroup")


listResourcesOfAuthorizationGroup

Display the resources that are associated with a specific authorization group.

Table 17. listResourcesOfAuthorizationGroup argument description. Run the script with the authorization group name argument.

Argument Description
authGroupname Name of the authorization group of interest.

Syntax

AdminAuthorizations.listResourcesOfAuthorizationGroup(authGroupName)

Example usage

AdminAuthorizations.listResourcesOfAuthorizationGroup("myAuthGroup")


listResourcesForUserID

Display the resources that a specific user ID can access.

Table 18. listResourcesForUserID argument description. Run the script with the user ID argument.

Argument Description
userID User ID of interest.

Syntax

AdminAuthorizations.listResourcesForUserID(userID)

Example usage

AdminAuthorizations.listResourcesForUserID("user01")


listResourcesForGroupID

Display the resources that a specific group ID can access.

Table 19. listResourcesForGroupID argument description. Run the script with the group ID argument.

Argument Description
groupID Group ID of interest.

Syntax

AdminAuthorizations.listResourcesForGroupID(groupID)

Example usage

AdminAuthorizations.listResourcesForGroupID("group01")

Fine-grained administrative security
Use the script library to automate the application serving environment using wsadmin.sh
Create a fine-grained administrative authorization group
Edit a fine-grained administrative authorization group

+

Search Tips   |   Advanced Search