How do you use the the command line client to configure WebSphere to audit Tivoli Workload Scheduler (TWS) commands run by a user?
This document is not intended to instruct a user how to configure auditing for TWS as a whole, but rather, how to audit commands run via the command line client when using composer or conman.
In the event you need to configure access to WebSphere for users from the command line, these are points to keep in mind.
- User credentials are found in the file:
- The name of the useropts file is defined in the <TWSHome>/localopts file. For example:
USEROPTS = useropts_m86
$ ls -l $HOME/.TWS
-rw-rw-r-- 1 m86 m86 52 Apr 25 08:20 useropts_m86
- A useropts file includes:
PASSWORD = "ENCRYPT:<encrypted password>"
- If you want the ability to use a variable in place of a userid, it cannot be done within useropts. However, one way to accomplish auditing while keeping the same useropts file password is to remove the USERNAME from the useropts file. If the user name is missing, then the command line call will need to have the username specified. For example:
$ composer -username m86 li ws=@
$ conman "-username m86 sbf /tmp/file1;alias=file1j1"
This makes auditing possible.