Granting write permission of files and directories to nonroot users for profile creation or augmentation
If you are not the user who installed the product, you must have write permission to selected directories within the IBM® Business Process Manager installation. The product installer can grant this permission or create a group with permission to create or augment profiles.
About this task
The product installer (who can be a root or nonroot user) can grant write permission to the appropriate IBM Business Process Manager files and directories to nonroot users. The nonroot users can then create profiles. Alternatively, the product installer can create a group for users who are authorized to create profiles or give individual users the authority to create profiles.
Nonroot users create their own profiles to manage their own environments. Typically, they manage environments for development purposes.
Nonroot users must store their profiles in their private directory structure, not in the installation_root/profiles directory of the product.
- IBM Business Process Manager does not support changing ownership of existing profiles from the product installer to nonroot users. A nonroot user cannot augment profiles owned by another user.
- Mechanisms within the Profile Management Tool that suggest unique names and port values are disabled for nonroot users. The nonroot user must change the default field values in the Profile Management Tool for the profile name, node name, cell name, and port assignments. The product installer can assign nonroot users a range of values for each of the fields, and assign responsibility to the users for adhering to their assigned value ranges and for maintaining the integrity of their own definitions.
If you already created at least one profile, certain directories and files were created. You can skip the steps in this topic that create these directories and files. If no profile was previously created, you must complete the steps to create the required directories and files.
The following example task shows how to create a group that is authorized to create profiles. The terms "installer" and "product installer" refer to the user ID that installed IBM Business Process Manager. The installer can perform the following steps to create the profilers group and give the group appropriate permissions to create a profile.
Procedure
Results
The installer created the profilers group and gave the group the correct permissions to the directories and files required for a nonroot user to create profiles.
What to do next
The nonroot user that belongs to the profilers group can create profiles in a directory that the nonroot user owns and to which the nonroot user has write permission. However, the nonroot user cannot create profiles in the installation root directory of the product.
The root user and the nonroot user can use the same tasks to manage profiles.