The role-based policy framework parameters are located in the Java Authorization Contract for Containers (JACC) configuration file and in the authorization configuration file. These parameters are set at the time of JACC provider configuration and authorization server configuration. The role-based policy framework settings for the authorization table and the JACC provider can be modified separately for each WebSphere Application Server instance. The amwas.node_server.authztable.properties configuration file is generated from the authorization table. The configuration file is generated from the JACC provider, amwas.node_server.amjacc.properties. Both files are stored on the WebSphere Application Server profile_root/etc/tam directory, where profile_root is the directory that contains your profile. In the default i5?OS (OS/400) installation, profile_root is /QIBM/UserData/WebSphere/AppServer/V6/edition/profiles.
It is unlikely that you will need to change these properties, but these properties are described here for reference:
Supported properties include:
com.tivoli.pd.as.rbpf.AMAction=i
This property is used to signify that a user is granted access to a role.
This value is added to a Tivoli Access Manager access control list (ACL) and places invoke access on roles for users and groups.
com.tivoli.pd.as.rbpf.AMActionGroup=WebAppServer
This property sets the Tivoli Access Manager action group that serves as a container for the action that is specified by the com.tivoli.pd.as.rbpf.AMAction property.
The permission set in com.tivoli.pd.as.rbpf.AMAction property goes into this action group.
com.tivoli.pd.as.rbpf.PosRoot=WebAppServer
This property is used to determine where roles are stored in the protected object space.
com.tivoli.pd.as.rbpf.ProductId=deployedResources
This property specifies the location under the root location that is specified in the posroot property to separate other products in the protected object space. Embedded Tivoli Access Manager objects are found in the /WebAppServer/deployedResources directory and say AMWLS is in the /WebAppServer/WLS directory. The default value is deployedResources .
This property specifies the Tivoli Access Manager object space container name for the protected resources. The default location is the /WebAppServer/deployedResources/Resources directory.
com.tivoli.pd.as.rbpf.RoleContainerName=Roles
This property specifies the Tivoli Access Manager protected object space container name for the security roles. The default location is the /WebAppServer/deployedResources/Roles directory.
The previous settings cannot be changed after configuration.
Make changes in the template properties file before any configuration actions are performed. Properties that are changed after configuration will cause access decisions to fail.