+

Search Tips   |   Advanced Search

Authorize access to administrative roles

We use the administrative console to assign users and groups to administrative roles and to identify users who can perform WAS administrative functions.

  1. Set up a user registry.

  2. Click...

      Users and Groups | [Administrative User Roles | Administrative Group Roles] | Add

  3. Specify a user, then select the Administrator role.

    Once the user is added to the "Mapped to role" list, click OK.

  4. To add a new administrative group, specify either a group name or a Special subject, highlight the Administrator role, and click OK.

    The specified group or special subject is mapped to the security role.

  5. To remove a user or group assignment, click Remove.

    On the Console Users or the Console Groups panel, select the check box of the user or group to remove and click OK.

  6. To manage the set of users or groups to display, click Show filter function on the User Roles or Group Roles panel.

    In the Search term(s) box, type a value, then click Go. For example, user* displays only users with the user prefix.

  7. After the modifications are complete, click Save to save the mappings.

  8. Restart the application server for changes to take effect.

  9. Shut down the nodes, node agents, and the deployment manager.

  10. Verify that Java processes are not running.

    If they are running, discontinue these processes.

  11. Restart the deployment manager.

  12. From each node, run...

      install_root/bin/syncNode

  13. From each node, run...

      install_root/bin/startNode

  14. Start any clusters, if applicable.


What to do next

After we assign users to administrative roles, we must restart the Deployment Manager for the new roles to take effect. However, the administrative resources are not protected until we enable security.


Subtopics


Related:

  • Role-based authorization
  • Access control exception for Java 2 security
  • Administrative roles and naming service authorization
  • Authorizing access to resources
  • Assigning users and groups to roles
  • Assigning users to RunAs roles
  • (ZOS) z/OS Controlling access to console users when using a Local OS Registry
  • syncNode command
  • startNode command