Managing CONSOLE mode security

Use console security to ensure that only authorized user IDs can access the Rule Execution Server console.

About this task

Console security controls the ability to sign in to the Rule Execution Server console. If console security is enabled, users must enter a user ID and password to sign in. If the HBRADMIN class includes the following resource profile, console security for the server instance is disabled:
<HBRSSID_NAME>.NO.SUBSYS.SECURITY
Note: When security is disabled for the zRule Execution Server for z/OS® in CONSOLE mode, the default user names and passwords are used, for example resAdmin/resAdmin.

To manage console security for a single server, set <HBRSSID_NAME> to a subsystem ID in the server group that is running in CONSOLE mode. To manage console security for multiple servers or for the entire server group, specify a wildcard as the subsystem ID.

Note: In some cases, you might want to disable console security but maintain the other types of security. For more information, see Disabling types of security.

The following table lists the profiles and the roles they represent. The roles are defined in the EJBROLE class so that the embedded Liberty profile server can access them. Roles are listed in order of increasing authority.

Resource profile | Role description
<HBRSSID_NAME>.res.resMonitors | Users with monitoring rights are only allowed to view and explore RuleApps, rulesets, decision services, execution units, and statistics. They are not allowed to modify them. They can also select a trace configuration and view and filter trace information in Decision Warehouse (applies only to Rule Execution Server on WebSphere® Application Server for z/OS).
<HBRSSID_NAME>.res.resDeployers | In addition to monitoring rights, users with deploying rights are allowed to deploy RuleApp archives and to edit and remove entities (RuleApps, rulesets, decision services, Java™ Execution Object Model (XOM) resources and libraries), and run diagnostics.
<HBRSSID_NAME>.res.resAdministrators | Users with administrator rights have full control over the deployed resources and access to information on the server. They can carry out the following actions:
  • Deploy, browse, and modify RuleApps, Java XOM resources, and libraries.
  • Monitor the decision history, purge, and back up the history.
  • Select a trace configuration, view and filter trace information, and clear trace information in Decision Warehouse.
  • Run diagnostics and view server information.

Procedure

  1. Define each resource profile that is shown in the previous table to the EJBROLE class by using the following command:
    RDEFINE EJBROLE <RESOURCE_PROFILE> UACC(NONE)
  2. Refresh the EJBROLE class by using the following command:
    SETROPTS RACLIST(EJBROLE) REFRESH
  3. Assign each user ID to one of the resource profiles by using the following command:
    PERMIT <RESOURCE_PROFILE> CLASS(EJBROLE) ID(<USER_ID>) ACCESS(READ)
  4. Refresh the EJBROLE class again by using the following command:
    SETROPTS RACLIST(EJBROLE) REFRESH
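
The following added example (not part of the original documentation) generates the command sequence for steps 1 to 4 from a subsystem ID and a user-to-role mapping, so that the list can be reviewed before it is submitted. The subsystem ID HBR1, the user IDs, and the function names are constructed for illustration; the user ID check assumes the standard RACF limit of 1 to 8 characters.

```python
import re

# Role suffixes from the table above, in order of increasing authority.
ROLES = ("resMonitors", "resDeployers", "resAdministrators")
REFRESH = "SETROPTS RACLIST(EJBROLE) REFRESH"
# Assumption: RACF user IDs are 1-8 characters (A-Z, 0-9, #, $, @).
USER_ID = re.compile(r"[A-Z0-9#$@]{1,8}")


def profile(ssid, role):
    """Build the resource profile name <HBRSSID_NAME>.res.<role>."""
    return f"{ssid}.res.{role}"


def console_security_commands(ssid, assignments):
    """Return the RACF commands for steps 1-4, in order.

    assignments maps each user ID to exactly one role, which matches
    step 3: each user ID is assigned to one of the resource profiles.
    """
    if not ssid or any(ch.isspace() for ch in ssid):
        raise ValueError("subsystem ID must be non-empty with no blanks")
    for user, role in assignments.items():
        if not USER_ID.fullmatch(user):
            raise ValueError(f"not a valid RACF user ID: {user!r}")
        if role not in ROLES:
            raise ValueError(f"unknown role {role!r} for {user}")

    # Step 1: define all three profiles with UACC(NONE), so nobody gets
    # a role by default.
    commands = [f"RDEFINE EJBROLE {profile(ssid, r)} UACC(NONE)" for r in ROLES]
    commands.append(REFRESH)  # step 2
    # Step 3: one PERMIT per user ID, sorted for a stable, reviewable list.
    for user in sorted(assignments):
        commands.append(
            f"PERMIT {profile(ssid, assignments[user])} "
            f"CLASS(EJBROLE) ID({user}) ACCESS(READ)"
        )
    commands.append(REFRESH)  # step 4
    return commands


if __name__ == "__main__":
    # Constructed sample input.
    sample = {"OPSMON1": "resMonitors", "RESADM1": "resAdministrators"}
    print("\n".join(console_security_commands("HBR1", sample)))
```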