Running batch jobs under user credentials

You can allow batch jobs to run under credentials of the user when WebSphere® security is enabled.

About this task

The RUN_JOBS_UNDER_USER_CREDENTIAL variable allows users to enable or disable batch jobs to run under credentials of the user. When the job is dispatched to the endpoint, the batch container switches the credentials of the server to the credentials of the user. The credentials of the server are in the job step thread.

RUN_JOBS_UNDER_USER_CREDENTIAL can be created at any scope level and accepts values true or false. The default is false, which means that batch jobs run under server credentials.

When Java 2 Security is enabled, your batch applications must grant the following two permissions in the was.policy file of the application:
  • permission com.ibm.websphere.security.WebSphereRuntimePermission "SecOwnCredentials"
  • permission com.ibm.websphere.security.WebSphereRuntimePermission "ContextManager.getServerCredential"

The following steps describe how to create the custom property to enable or disable batch jobs to run under the credentials of a user after logging on to the administrative console:

Procedure

  1. Click Environment > WebSphere variables.
  2. Select a configuration scope, then click New. The general properties page opens.
  3. For Name, type RUN_JOBS_UNDER_USER_CREDENTIAL.
  4. For Value, type True or False to enable or disable jobs to run under user credential.
  5. Click OK, then click Save.

What to do next

Stop and start the server where the batch execution environment is installed.
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 17, 2014 04:48 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-base-iseries&topic=tgrid_bgcred
File name: tgrid_bgcred.html