Map resources to security domains
Use this topic to assign management resources to security domains. Set management resources to the security domains to customize your security configuration for a cell, server, or cluster.
Users assigned to the administrator role can configure security domains. Verify that we have the appropriate administrative role before configuring security domains. Also, create a security domain, or copy an existing security domain before assigning resources to a security domain.
After creating a security domain, we can map management resources to the security domain. We can assign resources to a security domain at the server, cell, and cluster level. Use the following steps to assign a resource to a security domain:
- Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
- Determine which security domain to map a resource.
Use the listSecurityDomains command to view a list of security domains in the configuration. Specify true for the optional -listDescription parameter to list the description for each security domain, as the following Jython example demonstrates:
print AdminTask.listSecurityDomains('-listDescription true')
The command returns the following example attribute list output:
{{name myDomain} {description {security domain for administrative applications}}} {{name domain2} {description {new domain for cell123}}}
- Assign a resource to a security domain.
Use the mapResourceToSecurityDomain command to assign a management resource to the security domain. For example, use the following Jython command to secure all applications on the server1 cell with the security attributes in the domain2 security domain:
AdminTask.mapResourceToSecurityDomain('-securityDomainName domain2 -resourceName Cell=myCell:Node=myNode:Server=server1')
- Save the configuration changes.
Use the following command example to save the configuration changes:
AdminConfig.save()
Results
Your security domain is updated in the configuration. All applications in the specified resource use the security attributes specified by the security domain. If the security domain does not contain all security attributes, then the missing attributes are obtained from the global security configuration.
What to do next
Restart each resource that we assigned to a security domain.
Related tasks
Configure security domains Manage servers and nodes Start the wsadmin scripting client