This topic applies only on the z/OS operating system.

Global security enablement

Global security is necessary to secure the administrative console. However, proper planning is required because incorrectly enabling global security can lock you out of the administrative console, or cause the server to abend.

Global security can be thought of as a big switch that activates a wide variety of security settings for WebSphere Application Server. Values for these settings can be specified, but they will not take effect until global security is activated. The settings include the authentication of users, the use of Secure Sockets Layer (SSL), the choice of user registry and Java 2 security. In particular, application security, including authentication and role-based authorization, is not enforced unless global security is active. Global security is disabled by default to simplify the installation of the server. However, after you build a server and install the administrative console, any user can log on to the administrative console and a password is not required.

Why turn on global security?

Turning on global security activates the settings that protect your server from unauthorized users. There might be some environments where no security is needed such as a development system. On these systems you can elect not to enable global security. However, in most environments you should keep unauthorized users from accessing the administrative console and your business applications. Global security must be enabled to restrict access.

What does global security protect?

The settings that are activated when global security is enabled include:
  • Authentication of HTTP clients
  • Authentication of IIOP clients
  • Administrative console security
  • Naming security
  • Use of SSL transports
  • Role-based authorization checks of servlets, enterprise beans, and mbeans
  • Propagation of identities (RunAs)
  • CBIND checks



Related concepts
WebSphere Application Server security for z/OS
Security planning overview
Concept topic    

Terms of Use | Feedback

Last updated: Sep 20, 2010 11:08:29 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=csecenablglobl
File name: csec_enablglobl.html