Verify external authorization to Tivoli Access Manager


To verify that Tivoli Access Manager is working properly:

  1. Verify that the topology matches the topology described in the protected object space.

    For example, ensure the value of the parameter...

    ...exists in the Tivoli Access Manager protected object space.

  2. Verify that at least one user, typically the administrator, has the role...

      Administrator@VIRTUAL/EXTERNAL_ACCESS_CONTROL_1

    ...by running...

      pdadmin> acl show WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1

  3. To add the administrator to the role if no entry is found...

      pdadmin> acl modify WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1 set user wpsadmin T [WPS]m
      pdadmin> acl modify WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1 set group wpsadmins T [WPS]m

    ...where wpsadmin is the administrator user ID and wpsadmins is the administrator group.

  4. For a role that you want to externalize...

      Resource Permissions | Resource type | Assign Access icon | Edit Role icon | Add | Search for Users or User Groups | OK

    An informational message box should display the message that members were successfully added to the role.

  5. Explicitly assign additional roles.

    If you do not assign at least one user or group to each role type for the resource, use the external security manager interface to create this role type later. For example, if you do not assign any users or groups to the Editor role type for the resource, then use the external security manager interface to create the Editor role type later.

  6. Click the Externalize icon for the resource. These steps move every role that is defined for each resource you assigned to the Tivoli Access Manager protected object space. One ACL is created for each externalized role.

  7. Add users to the ACLs that are attached to the role types on that resource by using either the Tivoli Access Manager GUI or the pdadmin command line.

    If you log on as an administrator to externalize resources to Tivoli Access Manager:

    You must be a member of the wpsadmins group.

    The wpsadmins group must appear in the VIRTUAL/EXTERNAL_ACCESS_CONTROL_1 ACL.
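
A scripted form of the check in steps 2 and 3, as an added example that is not part of the original page or of the product's tooling: it parses saved `acl show` output and reports which of the two administrator entries is missing. The output layout (an `Entries:` header followed by `User` and `Group` lines), the function names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout of `acl show` output: an "Entries:" header,
# then lines of the form "User <name> <perms>" or "Group <name> <perms>".

# acl_has_entry TYPE NAME PERMS   (reads `acl show` output on stdin)
# Succeeds only if an entry of that type and name appears under "Entries:"
# and its permission string, with spaces removed, equals PERMS exactly.
acl_has_entry() {
    awk -v type="$1" -v name="$2" -v want="$3" '
        /^[[:space:]]*Entries:/ { in_entries = 1; next }
        in_entries && $1 == type && $2 == name {
            perms = ""
            for (i = 3; i <= NF; i++) perms = perms $i   # "T [WPS]m" -> "T[WPS]m"
            if (perms == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample, not captured from a real policy server.
# The wpsadmins group entry is deliberately absent.
sample_acl_show() {
    cat <<'EOF'
    ACL Name: WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1
    Description:
    Entries:
        User wpsadmin T[WPS]m
        Group portal-editors T
EOF
}

# check_admin_role   (reads `acl show` output on stdin)
# Prints the entries from step 3 that are missing or have other permissions.
check_admin_role() {
    out=$(cat)
    missing=""
    printf '%s\n' "$out" | acl_has_entry User wpsadmin 'T[WPS]m' \
        || missing="$missing user:wpsadmin"
    printf '%s\n' "$out" | acl_has_entry Group wpsadmins 'T[WPS]m' \
        || missing="$missing group:wpsadmins"
    echo "${missing# }"
}

sample_acl_show | check_admin_role
```

An empty result means both entries are present with exactly the permissions set in step 3; any name printed needs the matching `acl modify` command from that step.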

