For IBM i platforms

Configuring security authorization for Liberty servers on IBM i

Using the iAdmin GRANTAUTH command, you can authorize the QEJBSVR user profile to access the required resources for running the Liberty server.

Before you begin

Servers run under the QEJBSVR user profile if one of the following is true:

Also, QEJBSVR is granted authorization to files in the $WLP_USER_DIR and $WLP_OUTPUT_DIR locations in all of these installation scenarios. Additionally, when servers are created, QEJBSVR is granted authorization to server definition files and the $WLP_OUTPUT_DIR location.

About this task

This task provides example commands that show you how to authorize the QEJBSVR user profile to access the required resources for running the server after doing the following tasks:
  • Creating files manually or modifying the authorities on shared resources and server definitions files.
  • Configuring a server to access resources the QEJBSVR user profile is not yet authorized to.

Example

  • Granting the server role to the QEJBSVR user profile for the shared resources, server definitions and output locations configured for the Liberty environment installed at /WAS/wlp directory.
    /WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server  -userprofilename QEJBSVR
  • Granting the server role to the QEJBSVR user profile for shared resources and server definitions in /WAS/myWlpServers/usr, and for any server output locations defined by the WLP_OUTPUT_DIR variable in files matching the definition in the /WAS/myWlpServers/usr/servers/*/server.env file.
    /WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server  -userprofilename QEJBSVR 
                                               -userdir /WAS/myWlpServers/usr
  • Granting the server role to the QEJBSVR user profile for output location /WAS/myWlpOutput/servers.
    /WAS/wlp/lib/native/os400/bin/iAdmin GRANTAUTH -rolename server  -userprofilename QEJBSVR 
                                               -outputdir /WAS/myWlpOutput/servers