Create users and groups and assign them roles by using
a user registry with a federated repository.
About this task
WebSphere Application
Server uses
various kinds of user registries: OS, LDAP, or Custom. You control
access to Rule Execution Server and
enforce security by defining groups and users. If no groups and users
are defined yet or if you want to define new groups and users, proceed
with the following steps. If suitable groups and users are already
defined, skip this procedure and connect users to their appropriate
roles when you deploy your applications.
The following table
summarizes the main groups and their associated default user and password.
Group |
Use |
Default user/password |
resAdministrators |
Gives a user full administrator rights: - Access and use the Rule Execution Server console
to populate the database schema
- Deploy, browse, and modify RuleApps
- Monitor the decision history, purge, and back up the history
- Run diagnostics and view server information
|
resAdmin - resAdmin |
resDeployers |
Gives a user the following rights: - Deploy, browse, and modify RuleApps
- Test rulesets
|
resDeployer - resDeployer |
resMonitors |
Gives a user the following rights: - View RuleApps
- Monitor decision history and access Decision
Center reports
|
resMonitor - resMonitor |
Procedure
- In the side panel, click .
- Configure the repository security as follows:
- If Federated repositories is already
selected under Current realm definition, make
sure that Enable application security is selected
under Application security. If you select Enable application
security, you must click Apply and Save to
save the changes to the master configuration.
- If Federated repositories is not already
selected, click Security Configuration Wizard,
and then complete the wizard as follows:
- In Step 1, to specify the level
of protection, select Enable application security and
click Next.
- In Step 2, select Federated
repositories and click Next.
- In Step 3, type a name in the Primary
administrative user name field and enter websphere in
the Password field, and then click Next.
- In Step 4, review the security
configuration summary and click Finish.
- Click Save to save the changes
to the master configuration.
- Restart WebSphere Application
Server.
Then, you must log in to the WebSphere Integrated
Solutions Console as the primary administrative user.
- In the side panel, click , and then click Create.
- Enter resAdministrators as the group
name, then click Create.
- Click Create Like, create another
group named resDeployers, and click Create.
- Click Create Like again, enter another
group named resMonitors, and click Create,
then click Close.
- In the side panel, open and
then click Create.
- Enter resAdmin as the User ID and
again resAdmin as the password. Also, specify
the given name and last name.
- Click Group Membership and proceed
as follows:
- Click Search, select the resAdministrators, resDeployers,
and resMonitors groups.
- Click Add.
- Click Close, then click Create and Close again.
- Click Create Like to create users
with deployer and monitor roles as follows:
- Create another user named resDeployer with
password resDeployer.
- Assign the user to the resDeployers and resMonitors groups.
- Create a user named resMonitor with
password resMonitor.
- Assign the user to the resMonitors group.
- Restart your application server or your deployment manager.
What to do next
When you create user groups, you might have to map the
resAdministrators and
resDeployers users
to the Monitor role. In this case, see
Mapping user groups to the Monitor role.