Managing TEST mode security

Use test mode security to ensure that only authorized user IDs can access the Decision Runner and testing endpoints.

About this task

Test mode security controls the ability to access the Decision Runner and testing endpoints. If test mode security is enabled, users must enter a user ID and password to sign in. If the HBRADMIN class includes the following resource profile, test mode security for the server instance is disabled: 
<HBRSSID_NAME>.NO.SUBSYS.SECURITY
Note: When security is disabled for the zRule Execution Server for z/OS® in TEST mode, the default username and passwords are used. For instance, resAdmin/resAdmin.

To manage test mode security for a single server, set <HBRSSID_NAME> to a subsystem ID in the server group that is running in TEST mode. To manage test mode security for multiple servers or for the entire server group, specify a wildcard as the subsystem ID.

Note: In some cases, you might want to disable test mode security but maintain the other types of security. For more information, see Disabling types of security.

The following table lists the profiles and the roles they represent. The roles are defined in the EJBROLE class so that the embedded Liberty profile server can access them.

Resource profile Role description
<HBRSSID_NAME>.testing.resAdministrators Users with administrator rights can run tests and simulations using the SSP.
<HBRSSID_NAME>.testing.resDeployers Users with deployer rights can run tests and simulations using the SSP.
<HBRSSID_NAME>.DecisionRunner.resAdministrators Users with administrator rights can run tests and simulations using the Decision Runner.
<HBRSSID_NAME>.DecisionRunner.resDeployers Users with deployer rights can run tests and simulations using the Decision Runner.

Procedure

  1. Define each resource profile that is shown in the previous table to the EJBROLE class by using the following command: 
    RDEFINE EJBROLE <RESOURCE_PROFILE> UACC(NONE)
  2. Refresh the EJBROLE class by using the following command: 
    SETROPTS RACLIST(EJBROLE) REFRESH
  3. Assign each user ID to one of the resource profiles by using the following command: 
    PERMIT <RESOURCE_PROFILE> CLASS(EJBROLE) ID(<USER_ID>) ACCESS(READ)
  4. Refresh the EJBROLE class again by using the following command: 
    SETROPTS RACLIST(EJBROLE) REFRESH
Parent topic: Managing server security