Although it is very unlikely that you will need to change these
properties, use this file to reference supported properties within the role-based
policy framework.
The role-based policy framework parameters are located
in the Java Authorization Contract for Containers (JACC) configuration file
and in the authorization configuration file. They are set at the time of JACC
provider configuration and authorization server configuration. The role-based
policy framework settings for the authorization table and the JACC provider
can be modified separately for each WebSphere Application Server instance.
The amwas.node_server.authztable.properties configuration
file is generated from the authorization table. The amwas.node_name_server_name.amjacc.properties configuration file is generated from the JACC provider. Both files are stored
in the profile_root/etc/tam directory.
It is very unlikely that you might need to change these properties. The properties
are described here for reference:
Supported properties include:
- com.tivoli.pd.as.rbpf.AMAction=i
- This property is used to signify that a user is granted access to a role.
This value is added to a Tivoli Access Manager access control list (ACL) and
places invoke access on roles for users and groups.
- com.tivoli.pd.as.rbpf.AMActionGroup=WebAppServer
- This property sets the Tivoli Access Manager action group that serves
as a container for the action that is specified by the com.tivoli.pd.as.rbpf.AMAction
property. The permission set in the com.tivoli.pd.as.rbpf.AMAction property
goes into this action group.
- com.tivoli.pd.as.rbpf.PosRoot=WebAppServer
- This property is used to determine where roles are stored in the protected
object space.
- com.tivoli.pd.as.rbpf.ProductId=deployedResources
- This property specifies the location under the root location that is specified
in the posroot property to separate other products in the protected object
space. Embedded Tivoli Access Manager objects are found in the /WebAppServer/deployedResources directory.
The default value is deployedResources.
- com.tivoli.pd.as.rbpf.ResourceContainerName=Resources
- This property specifies the Tivoli Access Manager object space container
name for the protected resources. The default location is the /WebAppServer/deployedResources/Resources directory.
- com.tivoli.pd.as.rbpf.RoleContainerName=Roles
- This property specifies the Tivoli Access Manager protected object space
container name for the security roles. The default location is the /WebAppServer/deployedResources/Roles directory.
The previous settings cannot be changed after configuration.
Make changes in the template properties file before any configuration actions
are performed. Properties that are changed after configuration will cause
access decisions to fail.