Restricting installation access to runtime servers

To install a snapshot on a process server (a runtime server), the person installing the snapshot must have the appropriate access to the process application. You can set who can or cannot access a process application. Access requirements vary depending on whether the runtime server is in a non-production environment or in a production environment or is an online or offline server.

Before you begin

You must log in to the Process Admin Console.

About this task

For authorization for accessing online process servers, the following access to the process application is required for each type of environment:
  • Administrative access to install to process servers in production environments
  • Write access to install to any non-production process server
  • Read access to install to process servers in development environments.

For more information on providing permissions to users and groups, see Managing access to process applications and toolkits.

Optionally, you can use the processCenterInstall or offlineInstall group settings for additional ways to restrict access. For more information, see Security configuration properties.

Note: On a process server, for new snapshots that are related to a process application or toolkit with existing snapshots, there are additional restrictions for offline installations. The user must be the one that created the first snapshot for the process application or toolkit, a member of the tw_admins group, or the configured BPMAuthor user for the process server.

Procedure

To restrict installation access, perform the following steps.

  1. Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the following command from the bin directory of the server profile: 
    wsadmin -conntype NONE -lang jython
  2. Extract the properties of the BPMProcessServer configuration object. 
    wsadmin> groups = AdminConfig.list('BPMServerSecurityGroups')
wsadmin> print AdminConfig.show(groups)
    Note: If processCenterInstall is missing then no value is displayed.
  3. View the output and note the processCenterInstall value. For example, [processCenterInstall Existing_group_name].
  4. Update the processCenterInstall value. 
    wsadmin> AdminConfig.modify(groups, [['processCenterInstall', 'New-Group-Name']])

    Where, the New_group_name variable represents the group of users to whom you want to grant access. You can use an existing group or create a new one. If you create a new group, ensure it also exists on the Process Center.

  5. Verify your update. 
    wsadmin> print AdminConfig.show(groups)
  6. Save the changes and exit. 
    wsadmin> AdminConfig.save()
wsadmin> exit
  7. Restart the deployment manager.
  8. Restart the Process Server cluster or server.
Parent topic: Managing IBM Process Servers