Authorizing access to the data grid in stand-alone environments

Control which users have specific permissions to access the data grid through the policy file.

1. Enable access control for the data grid.
   Specify securityEnabled=”true” in the ObjectGrid.xml file for the deployed data grid.

   Specify this setting for each grid you define. After you configure this setting, no reads or writes are run on data grid entries except for identities that have been granted permissions in a policy file.

2. Create a policy file.
   See the following example policy file:

   grant codebase "http://www.ibm.com/com/ibm/ws/objectgrid/security/PrivilegedAction"
       principal javax.security.auth.x500.X500Principal "CN=cashier,O=acme,OU=OGSample" {
       permission com.ibm.websphere.objectgrid.security.MapPermission "accounting.*", "read";
   };
   
   grant codebase "http://www.ibm.com/com/ibm/ws/objectgrid/security/PrivilegedAction"
       principal javax.security.auth.x500.X500Principal "CN=manager,O=acme,OU=OGSample" {
       permission com.ibm.websphere.objectgrid.security.MapPermission "accounting.*", "all";
   };

   Policy files can grant various permissions, depending on the authorization of the user. For more information about how to create this file, see Java SE security tutorial - Step 5.
3. Configure each container server to load this policy file.
   You can complete this configuration by starting the container with the following JVM argument:

   -Djava.security.policy=<policy file>

   Tip: This policy file is also used in controlling administrative access to data grid servers. When you use this policy file to control administrative access, the policy file must contain MBeanPermission entries, and must be loaded by catalog servers and container servers.