Authorizing access for administrative operations in stand-alone environments

Most data grid deployers restrict administrative access to only a subset of the users who can access grid data.

Procedure

You must run the catalog servers and container servers using the Java™ security manager, which requires a policy file.

The policy file is specified by passing the -Djava.security.policy=<policy_file> JVM argument.

The Java security manager is started by specifying the JVM argument, -Djava.security.manager, when the eXtreme Scale server is started. Specify this argument for both container and catalog servers.

The policy file resembles the following example:
Remember: The policy file also typically contains MapPermission entries, as documented in Java SE security tutorial - Step 5.
grant codeBase "file:${objectgrid.home}/lib/*" {
permission java.security.AllPermission;
};

grant principal javax.security.auth.x500.X500Principal "CN=manager,O=acme,OU=OGSample"
     {
        permission javax.management.MBeanPermission "*", "getAttribute,setAttribute,
        invoke,queryNames,addNotificationListener,removeNotificationListener";
     };

In this example, only the manager principal is authorized for administrative operations with the xscmd command. You can add other lines as necessary to give additional principals MBean permissions.

Enter the following command:[Linux][Unix]
startOgServer.sh <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config 
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=$OBJECTGRID_HOME
[Version 8.6 and later][Linux][Unix]
startXsServer.sh <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config 
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=$OBJECTGRID_HOME
[Windows]
startOgServer.bat <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config 
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=%OBJECTGRID_HOME%
[Version 8.6 and later][Windows]
startXsServer.bat <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config
 -Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=%OBJECTGRID_HOME%

What to do next

Securing data that flows between eXtreme Scale servers in stand-alone environments with SSL encryption