You can secure the job scheduler by mapping
users and groups to specific security roles.
Before you begin
Users who are assigned the lradmin role have the authority
to perform all job scheduler application
actions on all jobs regardless of job ownership, while users who are
assigned with the lrsubmitter role can only act on jobs that are owned
by the submitters themselves.
About this task
This sample task assumes that the job scheduler is configured.
You can use the administrative console to specific security roles.
Procedure
-
Click . ![[Updated in April 2012]](../../deltaend.gif)
apr2012
- Select administrative security and application security.
- Configure User account repository by specifying one of
the available realm definitions.
- After you have configured WebSphere® Application Server Security,
click Apply to save your configuration.
- Expand System administration > Job scheduler > Security
role to user/group mapping.
- Select the roles to be configured.
- Click Look up users if one or more users are to
be assigned the target role, or click Look up groups if role
assignment is at the group level.
- Select the user or group to be assigned to the target role.
- Click OK and save the configuration.
- Restart the cell.
What to do next
With security enabled, provide a valid user ID and password
for job actions that are performed through the command- line interface.
Submit a job action through the command-line interface with the user
name and password information. See the following example:
<install_root>/bin/lrcmd.[bat|sh]
-cmd=<name_of_command> <command_arguments> [-host=<host> -port=<port>]
-userid=<user_ID> -password=<password>
where:
- <host> is the job scheduler server
host name. If not specified, the default is localhost.
- <port> is the scheduler server HTTP (HTTPS)
port. If not specified, the default is 80.
See the following example:
newfeatD:\IBM\WebSphere\AppServer\bin\lrcmd
-cmd=submit -xJCL=D:\IBM\WebSphere\AppServer\samples\Batch\postingSampleXJCL.xml
-port=9445 -host=wasxd01.ibm.com -userid=mylradmin -password=w2g0u1tf