Enable application groups

Application groups allow you to define user groups within the database user registry whose members (users or groups) are contained in the federated LDAP user registry you configured. The benefit of application groups is that you can create groups that are used only in WebSphere Portal. Run...

to add all required federated database user registries and run the wp-create-ldap

to add all required federated LDAP user registries to meet your business requirements before enabling application groups.

You can use application groups in the following scenarios:

Read-only LDAP

If you have a read-only LDAP, you cannot change the group membership of users and groups. If you need to define access rights for certain users that are in different groups, you can create an application group for these users with the required access rights.

Special group setup for WebSphere Portal

In this scenario, you set up a special group hierarchy that is used only by WebSphere Portal and not by other applications that access your LDAP. This can help you apply special access control rules just for WebSphere Portal, because the roles assigned to the application group also apply to all of its members.

Application groups apply only to WebSphere Portal; they do not apply to external security managers. Also, application groups are not supported when using the default federated repository with a built-in file repository.

To enable application groups:

  1. Run the following to enable application groups:

      • Windows: ConfigEngine.bat wp-update-group-repository-relationship -DWasPassword=password -Drepository.id=ldapid -Drepository.forgroups=dbid from the profile_root/ConfigEngine directory

      • UNIX: ./ConfigEngine.sh wp-update-group-repository-relationship -DWasPassword=password -Drepository.id=ldapid -Drepository.forgroups=dbid from the profile_root/ConfigEngine directory

      • i5/OS: ConfigEngine.sh wp-update-group-repository-relationship -DWasPassword=password -Drepository.id=ldapid -Drepository.forgroups=dbid from the profile_root/ConfigEngine directory

  2. Stop and restart the server1 and WebSphere_Portal servers, where server1 is the name of the WAS and WebSphere_Portal is the name of the WebSphere Portal server:

    1. Open a command prompt and change to the following directory:

      • Windows: profile_root\bin

      • UNIX: profile_root/bin

      • i5/OS: profile_root/bin

    2. Enter the following command to stop the WAS:

      • Windows: stopServer.bat server1 -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh server1 -username admin_userid -password admin_password

      • i5/OS: stopServer server1 -username admin_userid -password admin_password

    3. Enter the following command to stop the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: stopServer.bat WebSphere_Portal -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password

      • i5/OS: stopServer WebSphere_Portal -username admin_userid -password admin_password

    4. Enter the following command to start the WAS:

      • Windows: startServer.bat server1

      • UNIX: ./startServer.sh server1

      • i5/OS: startServer server1

    5. Enter the following command to start the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: startServer.bat WebSphere_Portal

      • UNIX: ./startServer.sh WebSphere_Portal

      • i5/OS: startServer WebSphere_Portal
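
The UNIX steps above combined into one script, added here as an example (not IBM-supplied code): it logs each command with the password masked and defaults to a dry run. The function names and the DRY_RUN variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code), UNIX variant. Function names and DRY_RUN are constructed.

# Mask password values per argument, so one containing spaces stays hidden.
redact() {
  out="" mask_next=0
  for a in "$@"; do
    if [ "$mask_next" = 1 ]; then
      a='****'; mask_next=0
    else
      case $a in
        -DWasPassword=*) a='-DWasPassword=****' ;;
        -password) mask_next=1 ;;
      esac
    fi
    out="${out:+$out }$a"
  done
  printf '%s\n' "$out"
}

# run_in DIR CMD [ARGS...]: log the redacted command; DRY_RUN=1 (default) only logs.
run_in() {
  dir=$1; shift
  echo "+ (cd $dir) $(redact "$@")" >&2
  [ "${DRY_RUN:-1}" = 1 ] && return 0
  ( cd "$dir" && "$@" )
}

# Args: PROFILE_ROOT LDAP_ID DB_ID ADMIN_USER ADMIN_PASSWORD
enable_application_groups() {
  root=$1 ldap=$2 db=$3 user=$4 pw=$5
  run_in "$root/ConfigEngine" ./ConfigEngine.sh \
    wp-update-group-repository-relationship "-DWasPassword=$pw" \
    "-Drepository.id=$ldap" "-Drepository.forgroups=$db" || return 1
  for srv in server1 WebSphere_Portal; do
    run_in "$root/bin" ./stopServer.sh "$srv" -username "$user" -password "$pw" || return 1
  done
  for srv in server1 WebSphere_Portal; do
    run_in "$root/bin" ./startServer.sh "$srv" || return 1
  done
}

# Entry point (4 args: PROFILE_ROOT LDAP_ID DB_ID ADMIN_USER). The no-echo prompt keeps the
# password out of shell history; it is still passed to the tools as a command-line argument.
if [ "$#" -eq 4 ]; then
  printf 'WAS admin password: ' >&2
  stty -echo; IFS= read -r pw_in; stty echo; echo >&2
  enable_application_groups "$1" "$2" "$3" "$4" "$pw_in"
fi
```

Set DRY_RUN=0 to execute the commands; with the default, the script only prints the redacted command lines in the order the procedure runs them.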

