Several administrative security roles are provided as part of the WebSphere® Process Server installation.
There are seven roles provided as part of the administrative console. These roles grant permission to ranges of functionality on the administrative console. When administrative security is enabled, a user must be mapped to one of these seven roles in order to access the administrative console.
The first user to log in to the server after installation is added to the administrator role.
Administrative security role | Description |
---|---|
Monitor | A member of the monitor role can view the WebSphere Process Server configuration and the current state of the server. |
Configurator | A member of the configurator role can edit the WebSphere Process Server configuration. |
Operator | A member of the operator role has monitor privileges, plus the ability to modify the runtime state (that is, start and stop the server). |
Administrator | The administrator role is a combination of configurator
and operator roles plus additional privileges granted solely to the
administrator role. Examples include:
|
Adminsecuritymanager | Only users who are granted this role can map users to administrative roles. Also, when fine-grained administrative security is used, only users who are granted this role can manage authorization groups. See Administrative roles for more information. |
Deployer | Users who are granted this role can perform both configuration actions and runtime operations on applications. |
iscadmins | This role is only available for administrative
console users and not for wsadmin users. Users
who are granted this role have administrator privileges for managing
users and groups in the federated repositories. For example, a user
of the iscadmins role can complete the following tasks:
|
The server ID that is specified when you enable administrative security is automatically mapped to the administrator role. Users or groups can be added to and removed from the administrative roles at any time through the WebSphere Process Server administrative console. However, a server restart is required for the changes to take effect. A best practice is to map a group or groups, rather than specific users, to administrative roles because it is more flexible and easier to administer. By mapping a group to an administrative role, adding or removing users to or from the group occurs outside of WebSphere Process Server and does not require a server restart for the change to take effect.
The failed event manager can be operated by any user granted either the administrator or the operator role.
Selectors can be configured by any user granted either the administrator or the configurator role