If you have configured IBM® Business Process Manager to
work with an external security provider, you can view the groups from
that external provider in the Process Admin Console, but you cannot
edit the external groups. You can, however, add users and groups from
your external provider to any IBM BPM security
groups that you create. You can also combine accounts from different
providers into one group.
Before you begin
Log in to the Process Admin Console.
Note: To create and maintain groups, log in as an administrative user,
such as the default administrative user account, or an account that you
added during installation that has administrator privileges. If you added
a new administrative user, the user is added to the tw_admins user group.
Members of the administrators group (by default, tw_admins) can
administer Process Servers, Performance Data Warehouses, and internal
users and groups.
About this task
The default installation of IBM Business Process Manager provides
a federated repository that contains the WebSphere® Application
Server file registry.
To implement an external security provider, which uses a different
user registry than the WebSphere Application
Server file registry,
you must add the provider to the federated repository. Several types
of repositories are supported, including the local operating system
registry, a standalone Lightweight Directory Access Protocol (LDAP)
registry, a standalone custom registry, and federated repositories.
See
the related links at the bottom of this topic for more information
about registries and external security providers.
Note: Groups created in IBM Business Process Manager cannot be edited in
WebSphere Application Server and groups created in WebSphere Application
Server cannot be edited in IBM Business Process Manager.
Security considerations for IBM Business Process Manager
- Users and groups created in the WebSphere Application Server
administrative console are stored in the file registry.
- Internal users and groups are managed through the Process Admin
Console.
For a list of
IBM Business Process Manager default
security groups, see
IBM Business Process Manager default group types.
Procedure
- To create a group, perform the following steps:
  - In the Server Admin area of the Process Admin Console, click the indicator next to User Management to list the available management options.
  - Click Group Management.
  - In the Group Management window, click New Group.
  - In the Create Group window, enter a name and a description for the group, then click Save.
  The group appears in the list and new members can be added.
- To add members to a group, perform the following steps:
  - In the Server Admin area of the Process Admin Console, click the indicator next to User Management to list the available management options.
  - Click Group Management.
  - In the Group Management window, enter a partial or complete group name in the Select Group to Modify field.
    Tip: To see all the groups, enter ** in the Select Group to Modify field.
  - From the list of groups displayed, click the group that you want to update.
  - Click Add Members next to the selected group.
  - In the Add Users and Groups window, enter the name of the user or group that you want to add in the Search for Name field. You can enter part of the name and the window displays all accounts that match.
    Tip: * is the only recognized wildcard character supported for the Search for Name field.
  The added users and groups now show as members of the selected group.
- (Deprecated): To designate a Team Manager group for a group, perform the following steps:
  - In the Server Admin area of the Process Admin Console, click the indicator next to User Management to list the available management options.
  - Click Group Management.
  - In the Group Management window, enter a partial or complete group name in the Select Group to Modify field.
    Tip: To see all the groups, enter ** in the Select Group to Modify field.
  - From the list of groups displayed, click the group for which you want to designate a Team Manager.
  - Enter a partial or complete group name in the Team Manager Group (deprecated) field, and then select the group that you want from the list.
  Important: Using team manager groups is deprecated. The new Team Performance dashboard available in IBM Process Portal requires that you define teams and team managers using Process Designer, as described in the following topics: Creating a team and Defining team managers.
- To remove users from a group, perform the following steps:
  - In the Server Admin area of the Process Admin Console, click the indicator next to User Management to list the available management options.
  - Click Group Management.
  - In the Group Management window, enter a partial or complete group name in the Select Group to Modify field.
    Tip: To see all the groups, enter ** in the Select Group to Modify field.
  - From the list of groups displayed, click the group that you want to update. The Process Admin Console lists the members of the group.
  - Click Remove for the users and groups that you want to remove.
  The removed users and groups are no longer displayed in the list of members and are removed from the selected group.
- To delete a group, perform the following steps:
  - In the Server Admin area of the Process Admin Console, click the indicator next to User Management to list the available management options.
  - Click Group Management.
  - In the Group Management window, enter a partial or complete group name in the Select Group to Modify field.
    Tip: To see all the groups, enter ** in the Select Group to Modify field.
  - In the list of groups displayed, click Remove for the group that you want to delete.
  The group is removed from the list and is no longer available.
- To return a list of members of a nested group for an LDAP repository:
  - Run the following command:
    $AdminTask setIdMgrCustomProperty { -id Ldap Repository Id -name com.ibm.ws.wim.adapter.ldap.returnNestedNonGroupMembers -value true}
    For example:
    wsadmin>$AdminTask setIdMgrCustomProperty { -id LDAP1 -name com.ibm.ws.wim.adapter.ldap.returnNestedNonGroupMembers -value true}
  - Save the changes and exit.
    wsadmin>$AdminConfig save
    wsadmin> exit
  - Restart the server.
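
The following is an added illustration, not IBM code, of why nested membership matters when external groups are added to an IBM BPM group such as tw_admins: it expands a constructed membership map into the users who effectively hold the group's rights, with the nesting path that grants each one. Every group name other than tw_admins, the "g:" prefix convention, and the sample data are assumptions made for this example.

```python
# Constructed sample data: direct members per group, as a directory export
# might list them. Names prefixed "g:" are groups, all others are users.
DIRECT_MEMBERS = {
    "g:tw_admins": ["admin_user", "g:ldap_bpm_ops"],
    "g:ldap_bpm_ops": ["alice", "g:ldap_contractors"],
    "g:ldap_contractors": ["bob", "g:ldap_bpm_ops"],  # cycle back to parent
    "g:tw_authors": ["carol"],
}


def effective_users(group, direct=DIRECT_MEMBERS):
    """Return {user: path} for every user reachable from `group`.

    path is the chain of groups that grants the membership, so a reviewer
    can see which nesting gives an account its access.
    """
    found = {}
    seen = set()
    stack = [(group, [group])]
    while stack:
        current, path = stack.pop()
        if current in seen:          # guard against cyclic nesting
            continue
        seen.add(current)
        for member in direct.get(current, []):
            if member.startswith("g:"):
                stack.append((member, path + [member]))
            else:
                found.setdefault(member, path)
    return found


def nested_only(group, direct=DIRECT_MEMBERS):
    """Users who are members only through a nested group, not directly."""
    direct_users = {m for m in direct.get(group, []) if not m.startswith("g:")}
    return sorted(set(effective_users(group, direct)) - direct_users)


if __name__ == "__main__":
    for user, path in sorted(effective_users("g:tw_admins").items()):
        print(user, "via", " > ".join(path))
    print("nested only:", nested_only("g:tw_admins"))
```

Accounts reported by nested_only are the ones a review of direct members alone would miss, which is the reason to look at nested membership before adding an external group to an administrative group.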