maintainDocumentStoreAuthorization command

Use the maintainDocumentStoreAuthorization command to add or remove users and groups from the authorization role for the purpose of managing and working with the IBM BPM document store.

Purpose

This command provides a command-line method to add or remove users and groups from the authorization role for the purpose of managing and working with the IBM BPM document store. By default, the user who is resolved by EmbeddedECMTechnicalUser (role type > authentication alias) will be the only user authorized to manage the domain and the default object store. The command ensures that the last remaining user or group cannot be removed.

The command can only be run in connected mode.

Before running this command, you should review the task topic "Administering the technical user for the IBM BPM document store."

Required parameters

-serverName
Specifies the server name of the IBM BPM document store. If you specify the serverName parameter, you must also specify the nodeName parameter.
-nodeName
Specifies the node name of the IBM BPM document store. If you specify the nodeName parameter, you must also specify the serverName parameter.
-clusterName
Specifies the cluster name of the IBM BPM document store.
-deName
Specifies the deployment environment name of the IBM BPM document store.
-add
Specifies the distinguished name of the user or group for which you want to grant access to the IBM BPM document store.
-remove
Specifies the distinguished name of a user or group for which you want to revoke access to the IBM BPM document store.
-list
Specifies that the current access control list is displayed for the IBM BPM document store.

You must specify the clusterName parameter, or the deName parameter, or both the serverName and nodeName parameters. As an alternative to specifying any parameters, you can invoke the command on a target object of type BPMDeploymentEnvironment, ServerCluster, or Server.

You must also specify one of the following parameters:

  • add
  • remove
  • list

Optional parameters

None

Examples

Note: The examples are for illustrative purposes only. They include variable values and are not meant to be reused as snippets of code.
The following example uses the maintainDocumentStoreAuthorization command to display the access control list of the IBM BPM document store for a specified node and server.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-nodeName myNodeName -serverName myServerName -list]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-nodeName myNodeName -serverName myServerName -list}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to grant access to the IBM BPM document store for a specified node and server.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-nodeName myNodeName -serverName myServerName -add user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-nodeName myNodeName -serverName myServerName -add user_ID | group_ID}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to revoke access to the IBM BPM document store for a specified node and server.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-nodeName myNodeName -serverName myServerName -remove user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-nodeName myNodeName -serverName myServerName -remove user_ID | group_ID}
The following example uses the maintainDocumentStoreAuthorization command to display the access control list of the IBM BPM document store for a specified cluster.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-clusterName myClusterName -list]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-clusterName myClusterName -list}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to grant access to the IBM BPM document store for a specified cluster.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-clusterName myClusterName -add user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-clusterName myClusterName -add user_ID | group_ID}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to revoke access to the IBM BPM document store for a specified cluster.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-clusterName myClusterName -remove user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-clusterName myClusterName -remove user_ID | group_ID}
The following example uses the maintainDocumentStoreAuthorization command to display the access control list of the IBM BPM document store for a specified deployment environment.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-deName myDeName -list]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-deName myDeName -list}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to grant access to the IBM BPM document store for a specified deployment environment.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-deName myDeName -add user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-deName myDeName -add user_ID | group_ID}
The following example uses the maintainDocumentStoreAuthorization command to specify the distinguished name of a user or group for which you want to revoke access to the IBM BPM document store for a specified deployment environment.
  • Jython example:
    AdminTask.maintainDocumentStoreAuthorization('[-deName myDeName -remove user_ID | group_ID]')
  • Jacl example: 
    $AdminTask maintainDocumentStoreAuthorization {-deName myDeName -remove user_ID | group_ID}
The following example invokes the maintainDocumentStoreAuthorization command on a specified target object:
  • Jython example: 
    server = AdminConfig.getid('/Cell:myCellName/Node:myNodeName/Server:myServerName')
AdminTask.maintainDocumentStoreAuthorization(server, '[-add user_ID | group_ID]')
  • Jacl example: 
    set server [$AdminConfig getid "/Cell:myCellName/Node:myNodeName/Server:myServerName"]
$AdminTask maintainDocumentStoreAuthorization ${server} {-add user_ID | group_ID}
The following example invokes the maintainDocumentStoreAuthorization command on a specified target object:
  • Jython example: 
    cluster = AdminConfig.getid('/Cell:myCellName/ServerCluster:myClusterName')
AdminTask.maintainDocumentStoreAuthorization(cluster, '[-add user_ID | group_ID]')
  • Jacl example: 
    set cluster [$AdminConfig getid "/Cell:myCellName/ServerCluster:myClusterName"]
$AdminTask maintainDocumentStoreAuthorization ${cluster} {-add user_ID | group_ID}
The following example invokes the maintainDocumentStoreAuthorization command on a specified target object:
  • Jython example: 
    de = AdminUtilities.convertToList(AdminConfig.list("BPMDeploymentEnvironment"))[0]
AdminTask.maintainDocumentStoreAuthorization(de, '[-add user_ID | group_ID]')
  • Jacl example: 
    foreach de [$AdminConfig list "BPMDeploymentEnvironment"] {
set result [$AdminTask maintainDocumentStoreAuthorization ${de} {-add user_ID | group_ID}]
puts ${result}
}
Parent topic: Commands (wsadmin scripting)
Related tasks:
This topic applies only to the Distributed platformsAdministering the technical user for the IBM BPM document store