Administrative roles for business level applications

WAS v8.5 > Reference > Sets
Administrative roles for business level applications

The J2EE role-based authorization concept is extended to protect the WebSphere Application Server administrative subsystem. This protection applies to those administrative roles associated with business level applications.

Deploying business level applications on a server configured to hold business level applications requires a number of administrative roles that are defined to provide degrees of authority when performing certain administrative functions from either the Web-based dmgr console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled. The following table describes the system management scripting command used for business level applications and the corresponding administrative role required in using the command:
Business level application - administrative roles. Business level application - administrative roles

Command Role Required

startBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
stopBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
createEmptyBLA Cell configurator, Cell deployer
editBLA Cell configurator, Cell deployer, BLA deployer
viewBLA Cell monitor, BLA monitor
listBLAs Cell monitor, BLA monitor(s)
deleteBLA Cell configurator, Cell deployer, BLA developer
importAsset Cell configurator, Cell deployer
editAsset Cell configurator, Cell deployer, Asset deployer
viewAsset Cell monitor, Asset monitor(s)
listAssets Cell monitor, Asset monitor
exportAsset Cell monitor, Asset monitor
deleteAsset Cell configurator, Cell deployer, Asset deployer
updateAsset Cell configurator, Cell deployer, Asset deployer
addCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA to add the composition unit)
+ Asset-deployer (for the asset to create the composition unit from)
+ Target-deployer (for each target the composition unit is deployed to)
+ Relationship-deployer (for each relationship the composition unit depends on that will result in creating a composition unit from the dependency asset)
editCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)
+ Target deployer (for each target that this composition unit is deployed to)
viewCompUnit Cell monitor, BLA monitor
listCompUnit Cell monitor, BLA monitor
deleteCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)
+ Target deployer (for each target that this composition unit is deployed to)
setCompUnitTargetAutoStart Cell configurator, Cell deployer
listControlOps Cell monitor, BLA monitor
getBLAStatus Cell monitor, BLA monitor
Where:

BLA deployer specifies the deployer role for the BLA that is being managed.
BLA monitor specifies the monitor role for the BLA that is being managed.
BLA operator specifies the operator role for the BLA that is being managed.
Asset deployer specifies the deployer role for the asset that is being managed.
Asset monitor specifies the monitor role for the asset that is being managed.
Target deployer specifies the deployer for the target the composition unit is being deployed to.
Target operator specifies the operator role for the target the composition unit is being deployed to.

Related concepts:

Administrative roles and naming service authorization

Related

Deploy business-level applications

Reference:

BLAManagement command group for AdminTask using wsadmin.sh
Administrative roles

+
Search Tips | Advanced Search

Command	Role Required
startBLA	Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
stopBLA	Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
createEmptyBLA	Cell configurator, Cell deployer
editBLA	Cell configurator, Cell deployer, BLA deployer
viewBLA	Cell monitor, BLA monitor
listBLAs	Cell monitor, BLA monitor(s)
deleteBLA	Cell configurator, Cell deployer, BLA developer
importAsset	Cell configurator, Cell deployer
editAsset	Cell configurator, Cell deployer, Asset deployer
viewAsset	Cell monitor, Asset monitor(s)
listAssets	Cell monitor, Asset monitor
exportAsset	Cell monitor, Asset monitor
deleteAsset	Cell configurator, Cell deployer, Asset deployer
updateAsset	Cell configurator, Cell deployer, Asset deployer
addCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA to add the composition unit) + Asset-deployer (for the asset to create the composition unit from) + Target-deployer (for each target the composition unit is deployed to) + Relationship-deployer (for each relationship the composition unit depends on that will result in creating a composition unit from the dependency asset)
editCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to) + Target deployer (for each target that this composition unit is deployed to)
viewCompUnit	Cell monitor, BLA monitor
listCompUnit	Cell monitor, BLA monitor
deleteCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to) + Target deployer (for each target that this composition unit is deployed to)
setCompUnitTargetAutoStart	Cell configurator, Cell deployer
listControlOps	Cell monitor, BLA monitor
getBLAStatus	Cell monitor, BLA monitor
	Where: BLA deployer specifies the deployer role for the BLA that is being managed. BLA monitor specifies the monitor role for the BLA that is being managed. BLA operator specifies the operator role for the BLA that is being managed. Asset deployer specifies the deployer role for the asset that is being managed. Asset monitor specifies the monitor role for the asset that is being managed. Target deployer specifies the deployer for the target the composition unit is being deployed to. Target operator specifies the operator role for the target the composition unit is being deployed to.