Administrative agent security

In a flexible management environment, a user ID must have the required authorization to use the administrative agent and to work with registered nodes.

Required security roles

You need the following roles to use the administrative agent:

Table 1. Required security roles for administrative agent tasks. Roles include administrator and roles required for the operation or node.
Administrative tasks Required security roles
Register or unregister a base (stand-alone) node with the administrative agent administrator
Work with the administrative agent: Administrative roles required for the operation being performed
Work with the administrative subsystem, such as registered nodes Administrative roles required for the registered base node

Same security domain configuration

The administrative agent supports a security configuration where all the cells in the topology share the same user registry, and therefore, the same security domain.

For the administrative agent topology, when a user logs in to the JMX connector port of an administrative subsystem, or chooses the registered node from the administrative console, the authorization table for the chosen node is used.

For example, suppose two stand-alone application servers, Node1 and Node2, are registered with an administrative agent. User1 is authorized as administrator for Node1, but is not authorized for Node2. User2 is authorized as configurator for Node2, but is not authorized for Node1. User1 can administer, operate and configure Node1 and its resources. User2 can monitor and configure Node2 and its resources. Only User1 can register or unregister a node, Node1, with the administrative agent.




Related concepts
Job manager security
Administrative agent
Related tasks
Administrative roles
Administering nodes remotely using the job manager
Administering jobs in a flexible management environment using wsadmin scripting
Administering nodes and resources
Task overview: Securing resources
Concept topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=cagt_adminagent_security
File name: cagt_adminagent_security.html