About this task
To configure TAM for a TFIM V6.2 TAMAuthorizationSTSModule,
complete the following steps using the pdadmin utility.
- Check that the action group used by the TFIM authorization module is available. The action group used is WebService:
    action group list
  If WebService is not listed, create it:
    action group create WebService
- Display the action in the action group used by the TFIM authorization module. The action used is "i":
    action list WebService
  If action "i" <label> 0 is not listed, create it. The value of <label> can vary:
    action create i <label> 0 WebService
- Create the Access Control List (ACL) that will be used to grant access to one or more message flows. First, create the ACL and give the administrators access to it. In this example, iv-admin is the administration group and sec_master is the main administrator:
    acl create <AclName>
    acl modify <AclName> set Group iv-admin TcmdbsvaBRxl[WebService]i
    acl modify <AclName> set User sec_master TcmdbsvaBRxl[WebService]i
- Grant access to all authenticated users, or specific groups, by adding them to the ACL. Grant any authenticated identity access:
    acl modify <AclName> set Any-other Trx[WebService]i
  To add a specific group:
    acl modify <AclName> set group <GroupName> Trx[WebService]i
  In these strings, each occurrence of Trx[ ] is an action, and corresponds to the value of the stsuser Action context attribute that is passed into the TAMAuthorizationSTSModule. For more information, see Authentication, mapping, and authorization with TFIM V6.2 and TAM.
- Create a protected object space path in TAM to correspond to the value of the stsuser ObjectName context attribute that is passed into the TAMAuthorizationSTSModule using the following command syntax:
    objectspace create /<ObjectName>
  For more information, see Authentication, mapping, and authorization with TFIM V6.2 and TAM.
- Attach the ACL to the protected object space path that you have created. Each node in the object space inherits ACLs from its parent, and a lower level ACL can override a higher level one. Use the following command syntax to attach an ACL to a node in the object space path:
    acl attach /<ObjectSpacePath> <AclName>
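
The following Python check is an added example, not part of the product documentation. It reads pdadmin acl modify lines in the form used in the steps above and lists which ACL entries receive action "i" in the WebService action group, marking Any-other and Unauthenticated entries for review. The names flow-acl and flow-users are constructed placeholders for <AclName> and <GroupName>.

```python
import re

# Constructed sample: the acl commands from the steps above, with <AclName>
# filled in as "flow-acl" and <GroupName> as "flow-users" (assumed names).
SAMPLE = """\
acl create flow-acl
acl modify flow-acl set Group iv-admin TcmdbsvaBRxl[WebService]i
acl modify flow-acl set User sec_master TcmdbsvaBRxl[WebService]i
acl modify flow-acl set Any-other Trx[WebService]i
acl modify flow-acl set group flow-users Trx[WebService]i
"""

ENTRY = re.compile(
    r"^acl\s+modify\s+(?P<acl>\S+)\s+set\s+"
    r"(?:(?P<kind>user|group)\s+(?P<name>\S+)|(?P<special>any-other|unauthenticated))"
    r"\s+(?P<perms>\S+)\s*$", re.IGNORECASE)
PERMS = re.compile(r"([^\[\]]*)((?:\[[^\[\]]+\][^\[\]]*)*)")

def split_permissions(perms):
    """'Trx[WebService]i' -> {'': 'Trx', 'WebService': 'i'}.
    The '' key holds the actions written before any [group] segment."""
    m = PERMS.fullmatch(perms)
    if m is None:
        raise ValueError(f"malformed permission string: {perms!r}")
    out = {"": m.group(1)}
    for group, actions in re.findall(r"\[([^\[\]]+)\]([^\[\]]*)", m.group(2)):
        out[group] = out.get(group, "") + actions
    return out

def audit(script, group="WebService", action="i"):
    """List (principal, acl, broad) for each entry granting `action` in `group`.
    broad is True for Any-other / Unauthenticated entries, which are not
    tied to a named user or group."""
    findings = []
    for line in script.splitlines():
        m = ENTRY.match(line.strip())
        if not m or action not in split_permissions(m["perms"]).get(group, ""):
            continue
        if m["special"]:
            findings.append((m["special"].lower(), m["acl"], True))
        else:
            findings.append((f"{m['kind'].lower()}:{m['name']}", m["acl"], False))
    return findings

if __name__ == "__main__":
    for principal, acl, broad in audit(SAMPLE):
        print(f"{acl}: {principal}" + ("  <-- review: not a named principal" if broad else ""))
```

Running the check over a command file before applying it shows whether the Any-other grant is present, so the choice between all authenticated users and a specific group is made deliberately.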
What to do next
For further information about configuring TAM, see
IBM Security Systems product documentation online.