IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Install IBM Tivoli Monitoring > Install the Tivoli Authorization Policy Server and tivcmd Command-Line Interface for Authorization Policy
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Configure the Tivoli Authorization Policy Server feature after installation
If you only chose the Installation feature for the Tivoli Authorization Policy Server package at installation or update time, use the Modify operation of the IBM Installation Manager's to select the Configuration feature of the package after you have reviewed the Authorization Policy Server's deployment scripts. When you select the authorization policy server package, it is deployed to IBM Dashboard Application Services Hub.
Ensure that the configuration feature for IBM Dashboard Application Services Hub is already selected. The Tivoli Authorization Policy Server is an extension offering of the Dashboard Application Services Hub. As a result, an error message is displayed if you attempt to select the Authorization Policy Server configuration feature when Dashboard Application Services Hub is not configured.
If you selected the Installation feature when installing the packages, only the binaries and install scripts are laid down in your installation directory:
- C:\Program Files\IBM\JazzSM\AuthPolicyServer
- /opt/IBM/JazzSM/AuthPolicyServer
To add the Configuration feature, you must perform the following steps to modify the Tivoli Authorization Policy Server package:
- Log in as the user who installed IBM Dashboard Application Services Hub and authorization policy server.
- Start the IBM Installation Manager:
- Double-click the IBMIM.exe file located in the eclipse subdirectory in the directory where IBM Installation Manager was installed. The default path for IBM Installation Manager on Windows is C:\Program Files\IBM\Installation Manager.
- Execute the IBMIM binary under /opt/IBM/InstallationManager/eclipse.
- On the main Installation Manager window, click Modify.
- Select Core services in Jazz for Service Management. This contains the Tivoli Authorization Policy Server package. Click Next to continue.
- Expand the Authorization Policy Server node and select the Configuration check box. Click Next to continue.
- Specify an IBM Dashboard Application Services Hub administrative user name and password, such as smadmin and its password for the Common Configurations for Core services in Jazz for Service Management configuration parameters, and click Validate. These credentials are used to deploy the Infrastructure Management Dashboards for Servers application into the WebSphere Application Server for the IBM Dashboard Application Services Hub.
- The Tivoli Authorization Policy Server periodically compresses a file of the current set of authorization policies that is available for distribution. On a periodic interval, the dashboard data provider component of the portal server makes a request to the Tivoli Authorization Policy Server for the latest compressed file of policies. If there is a new file, it is obtained and extracted and this set of policies becomes the current set of policies that are used by the dashboard data provider.
Configure the Authorization Policy Server audit and policy distribution properties. Each property has the following default value and range:
- Audit log file count
- The maximum number of audit log files to keep at one time.
- Default value is 5. Range is greater than 1 and less than 99999.
- Audit log file size (megabytes)
- The maximum size of each log file in megabytes.
- Default size is 10. Range is greater than 1 and less than 99999.
- Audit log file directory
- The directory into which the log files are stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\audit
- Policy-distribution Polling interval (minutes)
- This property specifies how often the Authorization Policy Server updates the compressed file that contains the authorization policies that is downloaded by the dashboard data provider.
- Default value is 5. Range is 1 - 1440 minutes.
- Policy-distribution Polling directory
- The directory into which the version of the policies for distribution is stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\dist
- You must restart the Dashboard Application Services Hub after the Tivoli Authorization Policy Server installation is complete. Select either an automatic or manual restart of the Dashboard Application Services Hub and click Confirm. Click OK when prompted and Next to continue.
- The Modify Packages summary panel is displayed. Verify the changes and click Modify to add the Configuration feature.
- The Results window displays the package modification status. Click Finish to complete the modification.
What to do next
If you selected the option for a manual restart of Dashboard Application Services Hub in step 8, you must restart the application server for Dashboard Application Services Hub. You must restart the application server before you can use the Authorization Policy Server with the tivcmd CLI to create authorization policies.If you are configuring Tivoli Authorization Policy Server for the first time, perform the following additional tasks:
- Install the tivcmd Command Line Interface on the computers that administrators use to create authorization policies. Follow the instructions in Install the tivcmd Command Line Interface for Authorization Policy using the graphical user interface or Install or update the tivcmd Command Line Interface for Authorization Policy using console mode. The user credentials that you specified during the Authorization Policy Server installation are assigned to the PolicyAdministrator role. You must use these credentials with the tivcmd Command Line Interface to log in to the Authorization Policy Server and assign other administrators permission to create and work with authorization policy roles.
- The IBM Tivoli Monitoring Administrator's Guide provides examples of creating authorization policies for common scenarios in the Using role-based authorization policies chapter. Steps for configuring a dashboard environment to use authorization policies are outlined in the Preparing your dashboard environment chapter. For a complete list of tivcmd CLI commands, see the Command Reference.
Parent topic:
Install the Tivoli Authorization Policy Server and tivcmd Command-Line Interface for Authorization Policy