Information Management IBM InfoSphere Master Data Management, Version 11.3

Configuring security and authorization

InfoSphere® MDM Reference Data Management Hub uses a role-based security concept. Activities and states entities are related to roles, which are linked to groups you define in the application server. Users are members of these groups.

Procedure

  1. Configure the web application server security. See Configuring security on WebSphere Application Server.
  2. Create groups in WebSphere® or LDAP. See Creating groups in the WebSphere Application Server repository.
  3. Create owner groups in InfoSphere MDM Reference Data Management Hub. See Creating custom groups in InfoSphere MDM Reference Data Management Hub.
  4. Create users in WebSphere or LDAP and assign them to groups. See Creating and assigning users.
  5. Add roles, if needed. See Creating roles.
  6. Associate the roles with the WebSphere or LDAP groups. See Assigning roles to groups in WebSphere Application Server.
  7. Restart the RDMClientEAR application in WebSphere.
  1. Security access control
    InfoSphere MDM Reference Data Management Hub provides role-based security control over the reference data sets, mappings, and managed systems. The InfoSphere MDM Reference Data Management Hub authentication is designed to work with standard authentication mechanisms in place in the enterprise, such as LDAP.
  2. Creating groups in the WebSphere Application Server repository
    The groups RDMRole_* are used for the user interface. The group mdm is associated with the service provider and consumer role. If you must access server-side functions, you must become a member of the mdm group.
  3. Creating custom groups in InfoSphere MDM Reference Data Management Hub
    To create custom groups in InfoSphere MDM Reference Data Management Hub, you associate the group name with the LDAP or IBM WebSphere group name in the groups.properties file.
  4. Creating and assigning users
    You create users and assign them to groups to give them access to the functions through IBM WebSphere Application Server.
  5. Optional: Creating roles
    Roles provide a way to govern the functions users can access. They are configured in the web.xml and userRoles.properties files within the RDMClientEAR. Roles are given authorization for functions within InfoSphere MDM Reference Data Management Hub within the acl.properties file.
  6. Associating groups and roles
    After the roles are created in the InfoSphere MDM Reference Data Management Hub, they are linked to the groups in the web application server. If you do not plan anything beyond creating additional users, you do not need to modify the configuration within the InfoSphere MDM Reference Data Management Hub EAR files. New users become members of the groups that are defined in WebSphere Application Server. Optionally, if you plan to remove the standard users or add or modify groups and roles, adjust the InfoSphere MDM Reference Data Management Hub configuration.
Parent topic: Installing InfoSphere MDM Reference Data Management Hub
Related concepts:
Security access control

Last updated: 27 June 2014