This topic describes how to secure the long-running scheduler.
Before you begin
Users who are assigned the lradmin role have the authority
to perform all
long-running scheduler application actions on all jobs regardless of job ownership, while
users who are assigned with the lrsubmitter role can only act on jobs
that are owned by the submitters themselves.
About this task
This sample task assumes that the job scheduler is configured.
From the administrative console:
Procedure
Click Security > Secure administration,
applications, and infrastructure.
- Select administrative security, application
security, and optionally Java 2 security.
- Configure User account repository by
specifying one of the available realm definitions.
Once you have configured WebSphere Application
Server Security, click Apply to save your configuration.
Expand System administration > Job
scheduler > Security role to user/group mapping.
Select the roles to be configured.
- Click Look up users if one or
more users are to be assigned the target role, or click Look up
groups if role assignment is at the group level.
- Select the user or group to be assigned
to the target role.
- Click OK and save the configuration.
Click Security > Global Security.
Enable global security and Java 2
security. This supports any of the WebSphere Application Server supported
user registries such as Local OS, Lightweight Directory Access Protocol
(LDAP), or custom.
- Restart the celll.
What to do next
With security enabled, provide a valid user ID and password
for job actions that are performed through the command- line interface.
Submit a job action through the command-line interface with the user
name and password information. See the following example:
<install_root>/bin/lrcmd.[bat|sh]
-cmd=<name_of_command> <command_arguments> [-host=<host> -port=<port>]
-userid=<user_ID> -password=<password>
where:
- <host> is the on demand router (ODR) host
name or the long-running scheduler server host name. If not specified, the default is localhost.
- <port> is the ODR HTTP(s) proxy address or
the long-running scheduler server HTTP(s) port. If not specified,
the default is 80.
See the following example:
D:\IBM\WebSphere\AppServer\bin\lrcmd
-cmd=submit -xJCL=D:\IBM\WebSphere\AppServer\longRunning\
postingSampleXJCL.xml -port=9445 -host=wasxd01.ibm.com
-userid=mylradmin -password=w2g0u1tf