You can use authorization group properties files to map
users to administrative roles and resources to authorization groups.
Before you begin
Determine the property values that you want to set for
an authorization group configuration.
Start the wsadmin scripting tool. To start wsadmin using the Jython language,
run the wsadmin -lang jython command from the bin directory of the server profile.
About this task
Using a properties file, you can create or modify an authorization
group object and map users to administrative roles or resources to
groups.
Modify the following sample properties files for your
environment, then apply them:
Procedure
- Create an authorization group.
- Create a properties file that uses the createAuthorizationGroup
command and names the group.
The following example creates an authorization group named ag1:
#
# Header
#
CreateDeleteCommandProperties=true
commandName=createAuthorizationGroup
#
#
# Properties
#
authorizationGroupName=ag1 #String,required
- Run the applyConfigProperties command.
Running the applyConfigProperties command applies the properties file.
In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt'])
- Map users to administrative roles.
- Modify an AuthorizationGroup properties file so that
it lists users for administrative roles.
To add a new user to a role, add the user to the role list. For example, to
add user5 to the administrators role list, change administrators={} to administrators={user:user5,group:group1}.
To remove a user from a role, remove the user from the role list; for
example, adminsecuritymanagers={user:user4}. To remove
all users for a role, make the list empty.
#
# Header
#
ResourceType=AuthorizationGroup
ImplementingResourceType=AuthorizationGroup
ResourceId=CellAuthorizationGroup
#
#
# Properties
#
deployers={}
name=CellAuthorizationGroup
resources={}
configurators={}
monitors={}
operators={}
adminsecuritymanagers={user:user4}
auditors={special:SERVERID,special:PRIMARYADMINID}
administrators={user:user5,group:group1}
- Run the applyConfigProperties command.
- Map resources to administrative groups.
- Modify an AuthorizationGroup properties file so that
it lists resources.
To add a new resource to an authorization
group, add the resource to the resources list. To remove a resource
from an authorization group, remove the resource from the list.
The following example maps users to administrative roles of an authorization
group and maps resources to an authorization group. An authorization
group is used to enable fine-grained administrative security.
#
# Header
#
ResourceType=AuthorizationGroup
ImplementingResourceType=AuthorizationGroup
ResourceId=AuthorizationGroup=ag1
#
#
# Properties
#
deployers={}
name=ag1
resources={Cell=!{cellName}:Node=!{nodeName}:Server=!{serverName},Cell=!{cellName}:Deployment=myApp}
configurators={}
monitors={}
operators={}
adminsecuritymanagers={}
auditors={}
administrators={user:user5,group:group1}
#
EnvironmentVariablesSection
#
# Environment Variables
cellName=myCell
nodeName=myNode
serverName=myServer
- Run the applyConfigProperties command.
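Because applying one of these files grants administrative roles, it helps to review what a file will grant before running applyConfigProperties. The following is an added example, not part of the product or its documentation: a standalone Python script (run outside wsadmin) whose function names are hypothetical and whose sample input is constructed from the ag1 listing above.

```python
import re

# Constructed sample in the layout shown above (ag1 with two mapped resources).
SAMPLE = """\
ResourceType=AuthorizationGroup
ImplementingResourceType=AuthorizationGroup
ResourceId=AuthorizationGroup=ag1
name=ag1
resources={Cell=!{cellName}:Node=!{nodeName}:Server=!{serverName},Cell=!{cellName}:Deployment=myApp}
monitors={}
adminsecuritymanagers={}
auditors={}
administrators={user:user5,group:group1}
EnvironmentVariablesSection
cellName=myCell
nodeName=myNode
serverName=myServer
"""

ROLES = ("administrators", "adminsecuritymanagers", "auditors", "configurators",
         "deployers", "monitors", "operators")

def parse_authz_props(text):
    """Return (properties, variables); keys after EnvironmentVariablesSection are variables."""
    props, env = {}, {}
    target = props
    for line in text.splitlines():
        line = line.strip()
        if line == "EnvironmentVariablesSection":
            target = env
        elif line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # split once: ResourceId values contain '='
            target[key.strip()] = value.strip()
    return props, env

def split_list(value, env):
    """Expand !{var} references (KeyError if undefined), then split a {a,b} list."""
    value = re.sub(r"!\{(\w+)\}", lambda m: env[m.group(1)], value)
    inner = value.strip()[1:-1]              # drop the outer braces
    return [item for item in inner.split(",") if item]

def review(text):
    """Summarise which principals get which role, and over which resources."""
    props, env = parse_authz_props(text)
    roles = {r: split_list(props[r], env) for r in ROLES if r in props}
    return {"group": props.get("name"),
            "resources": split_list(props.get("resources", "{}"), env),
            "roles": {r: m for r, m in roles.items() if m}}  # non-empty roles only

if __name__ == "__main__":
    print(review(SAMPLE))
```

Comparing the output of review() for the current and the proposed file shows exactly which principals gain or lose a role and which resources move into the group.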
Results
You can use the properties file to configure and manage
authorization groups.
What to do next
Save the changes to your configuration.