Much of the security functionality offered by WebSphere® DataPower® XC10 Appliance is built into the construction of the appliance. Additional security settings let you tailor the security options to your environment.
About this task
To increase the security coverage of the appliance, you can
configure several options that exist to control the user behavior.
Procedure
- Navigate to the Settings panel. To manage your security options, open the Settings panel using one of the following methods:
  - From the menu bar at the top of the WebSphere DataPower XC10 Appliance user interface, navigate to .
  - From the Welcome page, click the Customize settings link in the Step 1: Set up the appliance section.
- Expand Security.
- Set your security permissions.
  - Set the Allow new users to create their own accounts field. The default value for this field is Disabled. This field specifies whether a user is able to create their own account. In WebSphere DataPower XC10 Appliance, self-registered users have appliance monitoring permission by default. Enable this option only if you want anyone who has access to the user interface to also have appliance monitoring permission. When this field is Enabled, a Register button is displayed on the login screen. See Self-registering a new user account for more details on self user registration.
    Important: When you enable Lightweight Directory Access Protocol (LDAP) authentication, the option to self-register new users is disabled. If you want to allow self-registration, you must disable LDAP and enable the Allow new users to create their own accounts option. Remember that when LDAP is enabled, you are enrolled automatically with your own account if you can authenticate with the LDAP server; therefore, you create your account just by logging in to the appliance.
  - Set the Allow password reset from the serial console field. The default value for this field is Disabled.
    Disabled: Make sure that you configure an SMTP server and an email address for the xcadmin user. These configurations ensure that if the xcadmin password is lost, there is a way to reset it. If this field is disabled and these configurations are not made, it is impossible to reset a lost xcadmin password and the appliance must be returned to IBM for remanufacturing.
    Enabled: You can reset the password for the xcadmin user over a serial connection without any other credentials and without an SMTP message. If this option is selected, physical access to your WebSphere DataPower XC10 Appliance is even more important than usual: with physical access to the machine, any user is able to gain administrator access to the appliance.
  - Set the Allow administrative users to access grid data field. The default value for this field is Enabled. This field specifies whether an administrative user can access data in the grid. Previously, if you had the appliance administration permission, you had permission to run administrative tasks on the data grid. When you disable this field, you withhold that access from appliance administrators. When this field is disabled, only the creator of the data grid has access to the data. Administrators can still monitor data grids; however, they cannot see the data in the data grid. For example, in the monitoring console, click . If you are not the creator of a data grid, you can no longer query data in that data grid when this field is disabled. Administrative users can still view data for grids that they have created.
    Note: If administrative access is disabled, the administrator can still view data from data grids that do not have authorization enabled. To restrict administrative access to a data grid, disable administrative access and also select Enable authorization for the individual data grids in the Security settings.
- Configure your appliance to authenticate users with a Lightweight Directory Access Protocol (LDAP) directory. For more information about configuring your appliance to authenticate with an LDAP directory, see Configuring your appliance to authenticate users with an LDAP directory.
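The following Python audit is an added example, not part of the IBM documentation or the appliance itself. It encodes the consequences the steps above attach to each Security panel value (self-registration grants monitoring permission and is overridden by LDAP; a disabled serial-console reset with no SMTP server or xcadmin email address leaves no recovery path; disabled administrative grid access is only effective for grids with authorization enabled). The SecuritySettings structure, the smtp_server_configured, xcadmin_email_configured and grids_without_authorization fields, and the severity labels are assumptions made for the example; the appliance exposes these values only through its user interface.

```python
"""Audit of WebSphere DataPower XC10 Security panel values (added example).

Hypothetical: the appliance does not expose a structure like this. Each
check encodes one consequence the procedure attaches to a setting value.
"""
from dataclasses import dataclass
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)


@dataclass
class SecuritySettings:
    # Field names mirror the Security panel; defaults are the documented ones.
    allow_self_registration: bool = False              # default Disabled
    allow_serial_console_password_reset: bool = False  # default Disabled
    allow_admin_grid_data_access: bool = True          # default Enabled
    ldap_authentication: bool = False
    # Assumed flags for the lost-xcadmin-password recovery prerequisites.
    smtp_server_configured: bool = False
    xcadmin_email_configured: bool = False
    # Assumed count of data grids without "Enable authorization" selected.
    grids_without_authorization: int = 0


def audit_security_settings(s: SecuritySettings) -> List[Finding]:
    findings: List[Finding] = []

    # Self-registration hands appliance monitoring permission to anyone who can
    # reach the login page; LDAP authentication disables the option entirely.
    if s.allow_self_registration:
        if s.ldap_authentication:
            findings.append(("info", "self-registration is disabled while LDAP "
                             "authentication is enabled; LDAP users enroll on "
                             "their first successful login"))
        else:
            findings.append(("warn", "anyone who can reach the user interface "
                             "can register and receives appliance monitoring "
                             "permission"))

    # Serial-console reset replaces credential checks with physical security;
    # with it disabled, SMTP plus an xcadmin email address is the only recovery.
    if s.allow_serial_console_password_reset:
        findings.append(("warn", "physical access to the serial console yields "
                         "xcadmin (administrator) access without credentials"))
    elif not (s.smtp_server_configured and s.xcadmin_email_configured):
        findings.append(("critical", "no recovery path for a lost xcadmin "
                         "password: configure an SMTP server and an xcadmin "
                         "email address, otherwise the appliance must be "
                         "returned to IBM for remanufacturing"))

    # Administrative grid-data access is broader than monitoring, and the
    # restriction only takes effect for grids that have authorization enabled.
    if s.allow_admin_grid_data_access:
        findings.append(("info", "appliance administrators can read data in "
                         "every grid, not only grids they created"))
    elif s.grids_without_authorization > 0:
        findings.append(("warn", f"{s.grids_without_authorization} grid(s) "
                         "lack per-grid authorization, so administrators can "
                         "still view their data despite the restriction"))

    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity among the findings, or "ok" when there are none."""
    order = {"info": 0, "warn": 1, "critical": 2}
    return max((sev for sev, _ in findings), key=order.get, default="ok")


if __name__ == "__main__":
    # Constructed input: the documented defaults straight after setup.
    for sev, msg in audit_security_settings(SecuritySettings()):
        print(f"[{sev}] {msg}")
```

Run against the documented defaults, the audit reports the missing xcadmin recovery path as critical and the broad administrative grid access as informational; a configuration with serial-console reset disabled, SMTP and the xcadmin email address configured, administrative grid access disabled and authorization enabled on every grid produces no findings.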
Results
After successfully completing these steps, you have specified
how the appliance handles certain security-related scenarios and whether
external authentication is used for access to the
user interface.
What to do next
Configure users and groups to provide access to the user
interface. You also use users and groups to provide access to data
grids.