IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Use role-based authorization policies
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Change the Authorization Policy Server configuration properties after installation and configuration
After the Tivoli Authorization Policy Server package is installed and configured, you can change the Authorization Policy Server configuration parameters for audit logging and policy distribution.
- Audit properties
- You can modify the properties that specify the location of the Authorization Policy Server audit log files, the maximum size of an audit log file, and the maximum number of audit log files to keep at one time.
- Policy distribution properties
- The Authorization Policy Server periodically compresses a file of the current set of authorization policies that is available for distribution. On a periodic interval, the dashboard data provider component of the portal server makes a request to the Authorization Policy Server for the latest compressed file of policies. If there is a new file, it is obtained and extracted and this set of policies becomes the current set of policies that are used by the dashboard data provider. You can modify the properties that specify the directory where the authorization policies are saved for distribution and how often the current authorization policies are copied to this directory.
You use the WebSphere Application Server administrator console of the Dashboard Application Services Hub where the Authorization Policy Server is installed to change the configuration properties of the policy server. After any change is made, you must restart the WebSphere Application Server for Dashboard Application Services Hub to pick up the property changes.Perform the following steps to change the configuration properties for audit logging and policy distribution:
Procedure
- Log in to the WebSphere Administrative Console of the Dashboard Application Services Hub where the Authorization Policy Server is installed.
- In a browser, open the Dashboard Application Services Hub console. By default, the URL is https://hostname:16311/ibm/console.
If your environment was configured with a port number other than the default, enter that number instead. The default path to the server is /ibm/console. However, this path is configurable, and might differ from the default in your environment.
- Enter a user name and password and click Go. The user name must be assigned to the Dashboard Application Services Hub administrator and iscadmins roles.
- Click the Console Settings icon and select WebSphere Administrative Console.
- Click Launch WebSphere administrative console.
- Navigate to the page that contains the configuration properties for audit logging and policy distribution.
- Click Resources → Resource Environment → Resource Environment entries.
- On the page that opens, click the AuthzResourceReference link.
- On the page that opens, under Additional Properties, click Custom properties.
- A table is displayed with the following properties:
- AUDIT_COUNT
- The maximum number of audit log files to keep at one time. Default value is 5. Range is greater than 1 and less than 99999.
- AUDIT_FILE_SIZE
- The maximum size of each log file in megabytes.
- AUDIT_ROOT_DIRECTORY
- The directory into which the audit log files are stored.
Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\audit
If you modify this value to point to a different directory, you must ensure that the directory exists and has the same permissions as the <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\xacml directory.
- DIST_POLL_INTERVAL
- This property specifies how often the Authorization Policy Server updates the compressed file containing the authorization policies that is downloaded by the dashboard data provider.
Default value is 5. Range is 1 - 1440 minutes.
- DIST_ROOT_DIRECTORY
- The directory into which the version of the policies for distribution is stored.
Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\dist
If you modify this value to point to a different directory, you must ensure that the directory exists and has the same permissions as the <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\xacml directory.
- SEED_ROOT_DIRECTORY
- The policy store seed directory. You should not modify this property.
- XACML_ROOT_DIRECTORY
- The policy store root directory. You should not modify this property.
- Modify the value of a property.
- Click a property name link in the Custom properties table, for example AUDIT_COUNT.
- On the page that opens, modify the Value field as required.
- Click OK.
- Repeat these steps for each property to be changed.
- Save the changes.
- On the message box that opens after the first property change, click Save.
- Log out of the WebSphere administrative console.
- Recycle the Dashboard Application Services Hub's WebSphere Application Server.
Parent topic:
Use role-based authorization policies