You can secure the planejador de tarefa using
groups. A user can then act on a job only if the user and job are
members of the same group.
About this task
Create a group and a user that belongs to the group. Enable
group security for the
planejador de tarefa by mapping
authenticated users to the lradmin administrative security role. Assign
a group to a job.
Procedure
- Create a group and a user that belongs to that group.
Read the section on assigning users and groups to roles in
the WebSphere® Application Server documentation
and follow the directions. For this task, an example user is user1 and
an example group is BATCHGROUP.
- Enable group security for the planejador de tarefa.
- Click .
- Click New and add JOB_SECURITY_POLICY for Name and GROUP for Value.
- Click Apply to save your configuration.
- Click .
- Select lradmin for the role, Map
Special Subjects, and All authenticated in
application realm.
- Save the updates.
- Restart the server.
- Verify that group security is enabled.
If
you see the following message in the SystemOut.log file,
group security is enabled:
CWLRB5837I: The WebSphere Application Server Batch Feature is running under GROUP security policy.
- Assign a group to a job.
A job belongs to
a user group and an administrative group. If the JOB_SECURITY_ADMIN_GROUP
variable is not defined, the job scheduler automatically assigns the
administrative group to each job.
- Configure the value of the administrative group name through the
JOB_SECURITY_ADMIN_GROUP job scheduler custom property:
JOB_SECURITY_ADMIN_GROUP=JSYSADMN
The default
administrative group name is JSYSADMN.
- Assign the group using one of the following methods.
- Define the group on the group attribute in the xJCL, for example:
<job-name=”{jobname}” group=”{group-name}” … />
- Set the job scheduler default group name using the JOB_SECURITY_DEFAULT_GROUP
job scheduler custom property:
JOB_SECURITY_DEFAULT_GROUP=JSYSDFLT
The
default group name is JSYSDFLT.
The group attribute in the xJCL takes precedence over the
job scheduler custom property. If you do not specify a group name
in your xJCL, the job scheduler assigns the default group name.
Results
You created a group and assigned a user to the group so that
a user can manage jobs using group security.
What to do next
Manage jobs using group security.
- Submit the job.
- Have the user1 user that you created in a previous step act on
the job, such as by viewing the job log.