Configuring security using System Manager

One of the key features of InterChange Server is role-based access control (RBAC): the ability to authorize users' access to the system through roles. Roles can easily be defined by the administrator and assigned to a group of users, restricting access to key components to verified users only.

Using RBAC ensures that only an administrator, or users with permission to administer roles, can create users and assign roles. If RBAC is not active on the server, any user can create users and roles with no verification. Therefore, if you want to run the server with RBAC on, have the administrator turn RBAC on after the product is installed. This will prevent any users from turning RBAC on or editing other fields.

For more information regarding security and role-based access control, see the Administration Guide.

Note:
Security can also be configured using the new parameter -xmsp with the repos_copy command. For more information on using repos_copy, see Using repos_copy.

Do the following to configure InterChange Server for role-based access control:

  1. First create a user with the administrator role. If there is no user with the administrator role, then even if RBAC is turned on in the InterChange Server configuration, the server will reboot with RBAC turned off.
  2. Click the Security - RBAC tab.

    Figure 48 shows the Security - RBAC tab in the System Manager configuration file editor.

    Figure 48. Security tab in System Manager


  3. Select the Enable RBAC check box.
  4. In the User registry pull-down menu, choose Repository or LDAP.

    If you chose Repository, you must enter the following information in the Repository details area of the Security - RBAC tab:

    If you chose LDAP, you must enter the following information in the LDAP setting area of the Security - RBAC tab:

  5. In the Server start user field, enter the user name that will start the server.
  6. In the Server start password field, enter the password associated with the user name.
  7. To turn on audit settings, select the Enable audit check box and fill in the following fields:

For more in-depth information on configuring options for InterChange Server, refer to the Administration Guide.

Configuring privacy using System Manager

End-to-end privacy is a very important feature of InterChange Server. It allows you to send messages securely from the moment they leave a source adapter, through InterChange Server, to a destination adapter.

Critical to any secure system is end point verification. IBM WebSphere InterChange Server provides security at each end point of the information flow, ensuring that your information is secure from end to end.

When business communications to InterChange Server are transported asynchronously over JMS, messages are stored on disk at the queue manager while they wait for processing. End-to-end privacy ensures that these messages are secured at this level.

Note:
For in-depth information on end-to-end privacy, refer to the Administration Guide.

To configure InterChange Server for end-to-end privacy, do the following:

  1. Click the Privacy tab.

    Figure 49. Privacy tab in System Manager


  2. Enter the Keystore Path and Keystore Password. (For information on keystores, refer to the Administration Guide.)
  3. Click on Import privacy setting and select one of the available connectors. This loads the privacy configuration for that specific connector.

    You can also set a general privacy setting by doing the following:

    1. In the General privacy setting area, click on All in the Message type column. A drop-down list will appear. Select a message type.
    2. Click on None in the Security level column.
    3. Select a destination for the messages by double-clicking in a cell in the Destination column, for example, System Test Connector or Destination Connector.

    To set a privacy setting for an individual business object, do the following:

    1. Enter the name of the business object or select a business object from the available list in the Name column under Individual business object setting.
    2. Select a security level by double-clicking on a cell in the Security level column and selecting an option from the drop-down list that appears.
    3. Select a destination for the messages by double-clicking in a cell in the Destination column, for example, System Test Connector or Destination Connector.

For more in-depth information on the options for configuring InterChange Server for end-to-end privacy, refer to the Administration Guide.

Copyright IBM Corp. 1997, 2004