Creating users and groups

Create users and groups and assign them roles by using a user registry with a federated repository.

Before you begin

To configure a federated repository as a user registry, you work in the WebSphere Integrated Solutions Console. Log in to the console as explained in Before you start: Opening the administration console.

About this task

WebSphere Application Server uses various kinds of user registries: OS, LDAP, or Custom. You control access to Rule Execution Server and enforce security by defining groups and users. If no groups and users are defined yet or if you want to define new groups and users, proceed with the following steps. If suitable groups and users are already defined, skip this procedure and connect users to their appropriate roles when you deploy your applications.

The following table summarizes the main groups and their associated default user and password.

Group	Use	Default user/password
resAdministrators	Gives a user full administrator rights: Access and use the Rule Execution Server console to populate the database schema Deploy, browse, and modify RuleApps Monitor the decision history, purge, and back up the history Run diagnostics and view server information	resAdmin - resAdmin
resDeployers	Gives a user the following rights: Deploy, browse, and modify RuleApps Test rulesets	resDeployer - resDeployer
resMonitors	Gives a user the following rights: View RuleApps Monitor decision history and access Decision Center reports	resMonitor - resMonitor

Procedure

In the side panel, click Security > Global security.
Configure the repository security as follows:
- If Federated repositories is already selected under Current realm definition, make sure that Enable application security is selected under Application security. If you select Enable application security, you must click Apply and Save to save the changes to the master configuration.
- If Federated repositories is not already selected, click Security Configuration Wizard, and then complete the wizard as follows:
1. In Step 1, to specify the level of protection, select Enable application security and click Next.
2. In Step 2, select Federated repositories and click Next.
3. In Step 3, type a name in the Primary administrative user name field and enter websphere in the Password field, and then click Next.
4. In Step 4, review the security configuration summary and click Finish.
5. Click Save to save the changes to the master configuration.
6. Restart WebSphere Application Server.
  Then, you must log in to the WebSphere Integrated Solutions Console as the primary administrative user.
In the side panel, click Users and Groups > Manage Groups, and then click Create.
Enter resAdministrators as the group name, then click Create.
Click Create Like, create another group named resDeployers, and click Create.
Click Create Like again, enter another group named resMonitors, and click Create, then click Close.
In the side panel, open Users and Groups > Manage Users and then click Create.
Enter resAdmin as the User ID and again resAdmin as the password. Also, specify the given name and last name.
Click Group Membership and proceed as follows:
1. Click Search, select the resAdministrators, resDeployers, and resMonitors groups.
2. Click Add.
3. Click Close, then click Create and Close again.
Click Create Like to create users with deployer and monitor roles as follows:
1. Create another user named resDeployer with password resDeployer.
2. Assign the user to the resDeployers and resMonitors groups.
3. Create a user named resMonitor with password resMonitor.
4. Assign the user to the resMonitors group.
Restart your application server or your deployment manager.

What to do next

When you create user groups, you might have to map the resAdministrators and resDeployers users to the Monitor role. In this case, see Mapping user groups to the Monitor role.