You can add or remove
administrative resources to an administrative
authorization group or edit an existing one.
Before you begin
You must be logged into the administrative
console with the
cell-level
AdminSecurityManager authority or as the primary
administrative user.
Procedure
- Navigate to . The Administrative
Authorization Groups page displays
a table that lists all of the current administrative authorization
groups available in the cell.
- Click
on the administrative authorization group in the
table that you want to edit.
- To add or remove
resources from the administrative authorization
group, select or clear them in the Resource section of the edit page. Resources displayed in black text are available for selection
or clearing. Resources displayed in grey text are members of a different
administrative authorization group and therefore cannot be edited
for the current administrative authorization group.
The available
filtering options are the following. Each option includes all the
resources that are associated with that specific filtering option.
- All scopes. (The default view that displays the authorization
group tree.)
- Clusters. (All of the resources associated
with the clusters.)
- Web servers. (All of the resources
associated with the Web
servers.)
- Business-level applications. (All of the
resources associated
with the business-level applications.)
- Servers. (All
of the resources associated with the servers.)
- Nodes.
(All of the resources associated with the nodes.)
- Applications.
(All of the resources associated with the applications.)
- Assets. (All of the resources associated with the assets.)
- Node groups. (All of the resources associated with the node
groups.)
- Assigned scopes. (Displays all of the scopes
explicitly assigned
to the current authorization group).
Nodes
prior to WebSphere® Application Server
Version 6.1 in a mixed cell environment are filtered out of resource
mapping.
- To remove a user or a group, do the
following:
- To delete users, click Administrative
user roles under
the Additional Properties section. To delete groups, click Administrative
group roles under the Additional Properties section. The appropriate edit page displays a table that lists
all of the current users or groups and their associated roles, along
with the user's login status.
- Click
the check box beside the name of the current user
or group and then click Remove. The current
user or group is no longer associated with the role and the role is
no longer listed in the table. It is now ready to have a new user
or group assigned to it.
- If you want to add or to reassign a user or group role
to this administrative authorization group, do the following:
- To add a user, click Administrative user
roles under
the Additional Properties section. To add a group, click Administrative
group roles located under the Additional Properties section. The appropriate edit page displays a table that lists all of
the current users or groups and their associated roles. The available
roles are:
- Administrator
- An individual or
group that uses the administrator role has the
operator and configurator privileges plus additional privileges that
are granted solely to the administrator role. For example, an administrator
can complete the following tasks:
- Modify the server user ID
and password.
- Configure authentication and authorization mechanisms.
- Enable or disable administrative security.
- Enable or disable Java 2
security.
- Change the Lightweight Third Party Authentication
(LTPA) password
and generate keys.
- Create, update, or delete users in the
federated repositories
configuration.
- Create, update, or delete groups in the federated
repositories
configuration.
Note: An administrator cannot map users and
groups to the administrator
roles.
- Configurator
- An individual
or group that uses the configurator role has the
monitor privilege plus the ability to change the WebSphere Application
Server configuration. The configurator can perform all the day-to-day
configuration tasks. For example, a configurator can complete the
following tasks:
- Deployer
- Users granted this role can
perform both configuration actions
and runtime operations on applications.
- Operator
- An individual or group that uses the operator role has monitor
privileges plus ability to change the runtime state. For example,
an operator can complete the following tasks:
- Stop and start
the server.
- Monitor the server status in the administrative
console.
.
- Monitor
- An
individual or group that uses the monitor role has the least
amount of privileges. A monitor can complete the following tasks:
- View the WebSphere Application Server configuration.
- View the current state of the Application Server.
- Admin Security Manager
- Using the Admin
Security Manager role, you can assign users and
groups to the administrative user roles and administrative group roles.
However, an administrator cannot assign users and groups to the administrative
user roles and administrative group roles including the Admin Security
Manager role.
- Click Add....
- To add a new user or group, follow the instructions
on the page to specify either a user name, group name, or Special
subject. Highlight the desired role(s), and click OK. The
specified users, groups, or Special subject are mapped to the security
roles.