Authorizing access for administrative operations in the Liberty profile
You can authorize users to access the data grid for administrative tasks, such as in the Liberty.
About this task
Administrative security determines whether security is enabled, whether you decide to authenticate with LDAP or keystore login, and other values, which are mostly default values. Since you must specify an authentication mechanism before you authorize access for administrative operations, keystore login authentication is referenced in this procedure. For more information about configuring LDAP as an alternative authentication mechanism, see Enabling LDAP authentication in eXtreme Scale catalog and container servers.
Most data grid deployers restrict administrative access to only a subset of the users who can access grid data.
Important: To enable authorization for management (MBean) access, Java Security Manager
must be activated. Deployed applications cannot be co-located on the same Liberty server with any catalog servers or container servers
with MBean authorization enabled because those applications do not start with the Java Security
Manager enabled. Authentication and data grid authorization can be enabled without using the Java
Security Manager. However, if the Java Security Manager is not enabled, any authenticated user can
run MBean management operations. Therefore, such a configuration is not ideal.