Administrative roles for business level applications

Administrative roles for business level applications

The J2EE (J2EE) role-based authorization concept is extended to protect the WebSphere Application Server administrative subsystem. This protection applies to those administrative roles associated with business level applications.

Deploy business level applications on a server configured to hold business level applications requires a number of administrative roles defined to provide degrees of authority when performing certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled. The following table describes the system management scripting command used for business level applications and the corresponding administrative role required in using the command:

Command Role Required
startBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
stopBLA Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
createEmptyBLA Cell configurator, Cell deployer
editBLA Cell configurator, Cell deployer, BLA deployer
viewBLA Cell monitor, BLA monitor
listBLAs Cell monitor, BLA monitor(s)
deleteBLA Cell configurator, Cell deployer, BLA developer
importAsset Cell configurator, Cell deployer
editAsset Cell configurator, Cell deployer, Asset deployer
viewAsset Cell monitor, Asset monitor(s)
listAssets Cell monitor, Asset monitor
exportAsset Cell monitor, Asset monitor
deleteAsset Cell configurator, Cell deployer, Asset deployer
updateAsset Cell configurator, Cell deployer, Asset deployer
addCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA to add the composition unit)
+ Asset-deployer (for the asset to create the composition unit from)

+ Target-deployer (for each target the composition unit is deployed to)

+ Relationship-deployer (for each relationship the composition unit depends on that will result in creating a composition unit from the dependency asset)

editCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)
+ Target deployer (for each target that this composition unit is deployed to)

viewCompUnit Cell monitor, BLA monitor
listCompUnit Cell monitor, BLA monitor
deleteCompUnit Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to)
+ Target deployer (for each target that this composition unit is deployed to)

setCompUnitTargetAutoStart Cell configurator, Cell deployer
listControlOps Cell monitor, BLA monitor
getBLAStatus Cell monitor, BLA monitor

Where:

BLA deployer specifies the deployer role for the BLA being used managed.
BLA monitor specifies the monitor role for the BLA being used managed.
BLA operator specifies the operator role for the BLA being used managed.
Asset deployer specifies the deployer role for the asset being used managed.
Asset monitor specifies the monitor role for the asset being used managed.
Target deployer specifies the deployer for the target that the composition unit is being deployed to.
Target operator specifies the operator role for the target that the composition unit is being deployed to.

Related:

Administrative roles and naming service authorization
Deploy and administering business-level applications
BLAManagement .
Administrative roles

Command	Role Required
startBLA	Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
stopBLA	Cell deployer, Cell operator, BLA deployer, BLA operator, Target deployer, Target operator
createEmptyBLA	Cell configurator, Cell deployer
editBLA	Cell configurator, Cell deployer, BLA deployer
viewBLA	Cell monitor, BLA monitor
listBLAs	Cell monitor, BLA monitor(s)
deleteBLA	Cell configurator, Cell deployer, BLA developer
importAsset	Cell configurator, Cell deployer
editAsset	Cell configurator, Cell deployer, Asset deployer
viewAsset	Cell monitor, Asset monitor(s)
listAssets	Cell monitor, Asset monitor
exportAsset	Cell monitor, Asset monitor
deleteAsset	Cell configurator, Cell deployer, Asset deployer
updateAsset	Cell configurator, Cell deployer, Asset deployer
addCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA to add the composition unit) + Asset-deployer (for the asset to create the composition unit from) + Target-deployer (for each target the composition unit is deployed to) + Relationship-deployer (for each relationship the composition unit depends on that will result in creating a composition unit from the dependency asset)
editCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to) + Target deployer (for each target that this composition unit is deployed to)
viewCompUnit	Cell monitor, BLA monitor
listCompUnit	Cell monitor, BLA monitor
deleteCompUnit	Cell configurator, Cell deployer, BLA deployer (for the BLA this composition unit belongs to) + Target deployer (for each target that this composition unit is deployed to)
setCompUnitTargetAutoStart	Cell configurator, Cell deployer
listControlOps	Cell monitor, BLA monitor
getBLAStatus	Cell monitor, BLA monitor
	Where: BLA deployer specifies the deployer role for the BLA being used managed. BLA monitor specifies the monitor role for the BLA being used managed. BLA operator specifies the operator role for the BLA being used managed. Asset deployer specifies the deployer role for the asset being used managed. Asset monitor specifies the monitor role for the asset being used managed. Target deployer specifies the deployer for the target that the composition unit is being deployed to. Target operator specifies the operator role for the target that the composition unit is being deployed to.