Grant access to the ISAM ACLs

Grant IBM Security Access Manager groups access to their corresponding IBM Security Access Manager access control lists (ACLs).

For the administrator group (ITIM-Group), self-service group (ITIM-Self-Service-Group), and Identity Service Center group (ITIM-ISC-Group)...

  1. Add groups to the ACL with the acl modify acl_name set group group_name permissions command. For example, add the administrator group to its corresponding ACL:

      pdadmin> acl modify ITIM-ACL set group ITIM-Group Trx

    where:

      acl_name Name of the ACL to add the group to.
      group_name Name of the group to add.
      permissions One or more of the following permissions:

        T Traverse subdirectories.
        r Read.
        x Execute.

  2. To allow unauthenticated users to only Traverse the directory, modify the ACL:

      acl modify ITIM-ACL set any-other T

  3. To modify the ACL to allow users who are not authenticated to only Traverse the directory, type this command:

      acl modify ITIM-ACL set unauthenticated T

  4. To modify the corresponding ACL to allow ITIM-Self-Service-Group the authority to Traverse directories and to also read and execute, type this command:

      acl modify ITIM-Self-Help-ACL set group ITIM-Self-Service-Group Trx

  5. To modify ITIM-Self-Help-ACL to allow unauthenticated users to only Traverse the directory, type this command:

      acl modify ITIM-Self-Help-ACL set any-other T

  6. To modify ITIM-Self-Help-ACL to allow users who are not authenticated to only Traverse the directory, type this command:

      acl modify ITIM-Self-Help-ACL set unauthenticated T

  7. To modify the corresponding ACL to allow ITIM-ISC-Group the authority to Traverse directories and to also read and execute, type this command:

      acl modify ITIM-ISC-ACL set group ITIM-ISC-Group Trx

  8. To modify ITIM-ISC-ACL to allow unauthenticated users to only Traverse the directory, type this command:

      acl modify ITIM-ISC-ACL set any-other T

  9. To modify ITIM-ISC-ACL to allow users who are not authenticated to only Traverse the directory, type this command:

      acl modify ITIM-ISC-ACL set unauthenticated T
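
The nine steps above apply the same three entries to each ACL. The following script is an added example, not part of the IBM documentation: it prints those commands for use as pdadmin input and checks saved acl show output for entries that differ from the procedure. The function names, the sample output, and the entry layout it parses (Group name permissions, Any-other permissions, Unauthenticated permissions) are assumptions.

```shell
# Added example; ACL and group names are the ones used in the steps above.
PAIRS="ITIM-ACL:ITIM-Group
ITIM-Self-Help-ACL:ITIM-Self-Service-Group
ITIM-ISC-ACL:ITIM-ISC-Group"

# Print the nine "acl modify" commands in the order the steps give them.
gen_commands() {
    for pair in $PAIRS; do
        acl=${pair%%:*}; group=${pair#*:}
        echo "acl modify $acl set group $group Trx"
        echo "acl modify $acl set any-other T"
        echo "acl modify $acl set unauthenticated T"
    done
}

# Audit "acl show" output read from stdin against the procedure.
# $1 is the group expected to hold Trx. Prints one finding per line and
# returns 1 if anything differs. The entry layout parsed here is assumed.
audit_acl() {
    findings=$(awk -v g="$1" '
        function check(label, got, expected) {
            seen[label] = 1
            if (got != expected) print label ": has " got ", expected " expected
        }
        $1 == "Group" && $2 == g { check("group " g, $3, "Trx") }
        $1 == "Any-other"        { check("any-other", $2, "T") }
        $1 == "Unauthenticated"  { check("unauthenticated", $2, "T") }
        END {
            n = split("group " g ",any-other,unauthenticated", need, ",")
            for (i = 1; i <= n; i++) if (!(need[i] in seen)) print need[i] ": no entry"
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: any-other was left with read permission.
sample_acl_show() {
    cat <<'EOF'
ACL Name: ITIM-ACL
Entries:
    User sec_master TcmdbsvaBRl
    Group ITIM-Group Trx
    Any-other Tr
    Unauthenticated T
EOF
}

gen_commands
sample_acl_show | audit_acl ITIM-Group || echo "ITIM-ACL differs from the procedure"
```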
