Set explicit authorities for the startServer and stopServer scripts

Set explicit authorities to allow a user profile to start and stop application servers even if the profile does not have *ALLOBJ authority. When you set these authorities for a user profile, that user profile can also use the HTTP Administration forms to start and stop application servers.

• For WebSphere Application Server
• For WebSphere Application Server Network Deployment

For WebSphere Application Server

Notes:

• In the steps below, userid is the user profile for which you want to set the authorities.
• If you are using the default WebSphere Application Server instance, specify a value of default for the instance variable in these steps.
• If you want to set authorities for the startNode and stopNode scripts, follow the steps below, but substitute startNode and stopNode as appropriate.

Set authorities for the startServer script

To set explicit authorities for the startServer script, follow these steps:

1. Run these commands on an OS/400 command line:

   1. CHGAUT OBJ('/QIBM/ProdData/WebAS5/Base/bin/startServer') USER(USERID) DTAAUT(*RX)

   2. CHGUSRPRF USRPRF(userid) SPCAUT(*JOBCTL)

   3. GRTOBJAUT OBJ(QEJBAS5/STRSVRWAIT) OBJTYPE(*PGM) USER(USERID) AUT(*USE)

   4. GRTOBJAUT OBJ(QEJBAS5/QEJBJOBD) OBJTYPE(*JOBD) USER(USERID) AUT(*USE)

   5. GRTOBJAUT OBJ(QEJBAS5/QEJBJOBQ) OBJTYPE(*JOBQ) USER(USERID) AUT(*USE)

   6. GRTOBJAUT OBJ(QSYS/QEJBSVR) OBJTYPE(*USRPRF) USER(USERID) AUT(*USE)

   7. If QEJBSVR is not authorized to the output queue of the userid user profile, grant QEJBSVR *USE authority to the output queue:

      GRTOBJAUT OBJ(outqlib/outqname) OBJTYPE(*OUTQ) USER(QEJBSVR) AUT(*USE)

      If you do not want to grant explicit authority to the user's output queue, create an output queue to which QEJBSVR is authorized and use the SBMJOB CL command to start the server. Specify the appropriate value for the OUTQ parameter on the SBMJOB command.

2. Run the Start Qshell (STRQSH) command from the OS/400 command line.

3. In Qshell, run these commands:

   1. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid 
        -dtaaut rx

   2. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object bin -recursive

After you perform these steps, the user profile can start the server from Qshell with either of these commands:

• /QIBM/ProdData/WebAS5/Base/bin/startServer -instance instance -nowait

  This command starts the default server (instance) for instance instance.

• SBMJOB CMD(CALL PGM(QEJBAS5/QEJBSTRSVR) PARM('-instance'
    '/QIBM/UserData/WebAS5/Base/instance' '-server' 'server')) JOB(server)
    JOBD(QEJBAS5/QEJBJOBD) JOBQ(QEJBAS5/QEJBJOBQ) USER(QEJBSVR) LANGID(*USRPRF)
    CNTRYID(*USRPRF) CCSID(*USRPRF)

  where instance is the name of the instance that you want to start and server is the name of the server in that instance.

Note: The givedescriptor API used by The STRSVRWAIT program uses the givedescriptor API. This API requires *ALLOBJ in certain situations. As a result, if your user profile does not have *ALLOBJ authority, include the -nowait parameter when you run the startServer script.

Set authorities for the stopServer script

To set explicit authorities for the stopServer script, follow these steps:

1. On an OS/400 command line, run this command:

   CHGAUT OBJ('/QIBM/ProdData/WebAS5/Base/bin/stopServer') USER(USERID) DTAAUT(*RX)

2. Run the Start Qshell (STRQSH) command from the OS/400 command line.

3. In Qshell, run these commands:

   1. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid
        -dtaaut rx

   2. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object bin -recursive

   3. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object properties

   4. /QIBM/ProdData/WebAS5/Base/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object properties/java.security

After you perform these steps, the user profile can run this command from Qshell to stop the server:

/QIBM/ProdData/WebAS5/Base/bin/stopServer -instance instance

where instance is the name of the instance that you want to stop. This command stops the default server (instance) for instance instance.

For WebSphere Application Server Network Deployment

Notes:

• In the steps below, userid is the user profile for which you want to set the authorities.
• If you are using the default WebSphere Application Server Network Deployment instance, specify a value of default for the instance variable in these steps.
• If you want to set authorities for the startServer and stopServer scripts, follow the steps below, but substitute startServer and stopServer as appropriate.

Set authorities for the startManager script

To set explicit authorities for the startManager script, follow these steps:

1. Run these commands on an OS/400 command line:

   1. CHGAUT OBJ('/QIBM/ProdData/WebAS5/ND/bin/startManager') USER(USERID) DTAAUT(*RX)

   2. CHGUSRPRF USRPRF(userid) SPCAUT(*JOBCTL)

   3. GRTOBJAUT OBJ(QEJBAS5/STRSVRWAIT) OBJTYPE(*PGM) USER(USERID) AUT(*USE)

   4. GRTOBJAUT OBJ(QEJBAS5/QEJBNDJOBD) OBJTYPE(*JOBD) USER(USERID) AUT(*USE)

   5. GRTOBJAUT OBJ(QEJBAS5/QEJBNDJOBQ) OBJTYPE(*JOBQ) USER(USERID) AUT(*USE)

   6. GRTOBJAUT OBJ(QSYS/QEJBSVR) OBJTYPE(*USRPRF) USER(USERID) AUT(*USE)

   7. If QEJBSVR is not authorized to the output queue of the userid user profile, grant QEJBSVR *USE authority to the output queue:

      GRTOBJAUT OBJ(outqlib/outqname) OBJTYPE(*OUTQ) USER(QEJBSVR) AUT(*USE)

      If you do not want to grant explicit authority to the user's output queue, create an output queue to which QEJBSVR is authorized and use the SBMJOB CL command to start the server. Specify the appropriate value for the OUTQ parameter on the SBMJOB command.

2. Run the Start Qshell (STRQSH) command from the OS/400 command line.

3. In Qshell, run these commands:

   1. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid 
        -dtaaut rx

   2. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object bin -recursive

After you perform these steps, the user profile can start the server from Qshell with either of these commands:

• /QIBM/ProdData/WebAS5/ND/bin/startManager -instance instance -nowait

  This command starts the default server (instance) for instance instance.

• SBMJOB CMD(CALL PGM(QEJBAS5/QEJBSTRSVR) PARM('-instance'
    '/QIBM/UserData/WebAS5/ND/instance' '-server' 'server')) JOB(server)
    JOBD(QEJBAS5/QEJBNDJOBD) JOBQ(QEJBAS5/QEJBNDJOBQ) USER(QEJBSVR) LANGID(*USRPRF)
    CNTRYID(*USRPRF) CCSID(*USRPRF) OUTQ(QEJBAS5/QEJBOUTQ)

  where instance is the name of the instance that you want to start and server is the name of the server in that instance.

Note: The givedescriptor API used by The STRSVRWAIT program uses the givedescriptor API. This API requires *ALLOBJ in certain situations. As a result, if your user profile does not have *ALLOBJ authority, include the -nowait parameter when you run the startManager script.

Set authorities for the stopManager script

To set explicit authorities for the stopManager script, follow these steps:

1. On an OS/400 command line, run this command:

   CHGAUT OBJ('/QIBM/ProdData/WebAS5/ND/bin/stopManager') USER(USERID) DTAAUT(*RX)

2. Run the Start Qshell (STRQSH) command from the OS/400 command line.

3. In Qshell, run these commands:

   1. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid
        -dtaaut rx

   2. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object bin -recursive

   3. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object properties

   4. /QIBM/ProdData/WebAS5/ND/bin/grtwasaut -instance instance -user userid
        -dtaaut rx -object properties/java.security

After you perform these steps, the user profile can run this command from Qshell to stop the server:

/QIBM/ProdData/WebAS5/ND/bin/stopManager -instance instance

where instance is the name of the instance that you want to stop. This command stops the default server (instance) for instance instance.