Start of change
IBM App Connect Enterprise, Version 11.0.0.2 Operating Systems: Windows, Linux


Configuring authorization for an integration server by modifying the server.conf.yaml file

You can configure integration servers to use file-based authorization, by setting the security properties in the server.conf.yaml configuration file.

Before you begin

About this task

You can configure authorization for an independent integration server (which is not associated with an integration node) by setting file-based permissions in the Security section of the integration server's server.conf.yaml configuration file:
# Admin Security
  #  Authentication
  #basicAuth: true                    # Clients web user name and password will be authenticated when set true
  #  Authorization
  #adminSecurity: inactive            # Clients web user role will be authorized when set active
  #authMode: file                     # Set admin authorization mode. Choose 1 of : file or mq

Security:
  Permissions:
    # Set Admin Security Authorization file permissions by role using 'read+:write+:execute+' , or 'all+'
    # '+' grants permission, '-' denies permission
    # e.g. define the following roles 'viewOnly' and 'admin'
    #viewOnly:  'read+:write-:execute-'
    #admin:     'all+'

For information about controlling access to an integration node, see Configuring authorization for an integration node by modifying the node.conf.yaml file.

Procedure

Configure the authorization mode for an integration server by completing the following steps:

  1. Stop the integration server by using the web user interface or the IBM® App Connect Enterprise Toolkit.
  2. Open the server.conf.yaml configuration file for your integration server, by using a YAML editor.

    If you do not have access to a YAML editor, you can edit the file by using a plain text editor; however, you must ensure that you do not include any tab characters, because they are not valid in YAML and would cause your configuration to fail. If you are using a plain text editor, ensure that you use a YAML validation tool to validate the content of your file.

  3. If administration security has not already been enabled, enable it now by setting the adminSecurity property in the server.conf.yaml file to active:
    adminSecurity: active
  4. Specify the file-based authorization mode, by setting the authMode property to file:
    authMode: file
  5. Assign permissions to the defined roles, by specifying a combination of read, write, and execute, or all, with + to grant permission, and - to deny permission; for example:
    viewOnly:  'read+:write-:execute-'
    admin:     'all+'
    where the viewOnly role has only read permission, and the admin role has permission for all actions.
  6. Save the modified server.conf.yaml file.
  7. Restart the integration server for the changes to take effect.

What to do next

You can also configure authorization for an integration server by using the mqsichangeauthmode command, and then set permissions by using the mqsichangefileauth command. For more information, see Configuring authorization by using the mqsichangeauthmode command and Setting file-based permissions.


bn28625_.htm | Last updated 2018-11-02 14:46:31
End of change