Configuring security authorization for Liberty servers on IBM i
Using the iAdmin GRANTAUTH
command, you can authorize the QEJBSVR user
profile to access the required resources for running the Liberty server.
Before you begin
Servers run under the QEJBSVR user profile if one of the following is true:
- The Liberty environment was installed as a feature of a product offering using the IBM® Installation Manager.
- The
iAdmin POSTINSTALL
command was called after Installing Liberty by extracting an archive file.
Also, QEJBSVR is granted authorization to files in the $WLP_USER_DIR
and
$WLP_OUTPUT_DIR
locations in all of these installation scenarios. Additionally,
when servers are created, QEJBSVR is granted authorization to server definition files and the
$WLP_OUTPUT_DIR
location.
About this task
This task provides example commands that show you how to authorize the QEJBSVR user profile to
access the required resources for running the server after doing the following tasks:
- Creating files manually or modifying the authorities on shared resources and server definitions files.
- Configuring a server to access resources the QEJBSVR user profile is not yet authorized to.
Example
- Granting the server role to the QEJBSVR user profile for the shared resources, server
definitions and output locations configured for the Liberty environment installed at
/WAS/wlp
directory.
/WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server -userprofilename QEJBSVR
- Granting the server role to the QEJBSVR user profile for shared resources and server definitions
in /WAS/myWlpServers/usr, and for any server output locations defined by the
WLP_OUTPUT_DIR variable in files matching the definition in the
/WAS/myWlpServers/usr/servers/*/server.env
file.
/WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server -userprofilename QEJBSVR -userdir /WAS/myWlpServers/usr
- Granting the server role to the QEJBSVR user profile for output location
/WAS/myWlpOutput/servers.
/WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server -userprofilename QEJBSVR -outputdir /WAS/myWlpOutput/servers