How to give multiple users access to Performance Admin console
Yan Fang
By default, Business Process Manager (BPM) currently permits only one administrative account to log in to the Performance Admin Console: the administrator account and password that were specified on the Administrative Security page during IBM BPM profile creation. Even deployment environment administrators and users who belong to the tw_admins group cannot access the Performance Admin Console. Here I will demonstrate this by trying to access the Performance Admin Console with the 'admin' user ID, which was created during profile creation, and with another administrative ID.
1. Log in to the Performance Admin Console with the 'admin' user ID. This step shows that the Performance Admin Console is accessible to the administrative user that was specified on the Administrative Security page during IBM BPM profile creation.
Point your web browser to http
2. Grant administrative authority to a user: access the Process Admin Console with the administrative account and add user 'tester1' to the 'tw_admins' group.
3. Log in to the Performance Admin Console with the 'tester1' user ID. This step shows that the Performance Admin Console is NOT accessible to an administrative user ID that was not created during profile creation, even if that user is in the 'tw_admins' group. The rest of the users in tw_admins cannot log in, and they will get the message “Either the user name or password is wrong, or you are not authorized to log in to the Performance Admin Console.”
When you check the cluster member log, you will find an error similar to:
Why can only the 'admin' user ID access the Performance Admin Console? Because only the 'admin' ID has the 'User RunAs role' for IBM_
If you want multiple users to be able to use the Performance Admin Console to work with Performance Data Warehouse queues, manage data transfer errors, and monitor overall performance, you must follow the steps below to grant access to other users or groups. Using the administrator account that was created on the Administrative Security page during IBM BPM profile creation, you grant access to the Performance Data Warehouse to other users or groups in the WebSphere Application Server (WAS) administrative console.
1. Log in to the WAS administrative console as the primary administrative user, such as the 'admin' user ID used in this article.
2. Click Applications > Application Types > WebSphere enterprise applications > IBM_
3. Select the row for the twuser role and click Map Users or Map Groups. Here I choose 'Map Users' as shown below.
4. Search for and move the desired user(s) to the Selected list and then select OK. Here I added ‘tester1’ to twuser role for IBM_
5. Select OK one more time once it returns to the Security role to user/group mapping page. Now 'tester1' is listed in the 'Mapped users' for twuser role. A message should appear at the top of the screen stating that changes have been made to the local configuration. Save these to the master configuration.
6. Return to the WebSphere enterprise applications page and stop and then start the IBM_
At this point, the new user(s) 'tester1' will be able to access the Performance Admin Console.
In order to access the instrumentation data (and possibly the PerformanceAdmin pages), the new user 'tester1' must have at least the Operator, Deployer, and Administrator administrative roles, as does the default DeAdmin user. See the topic "Adm
If you have configured an endpoint service such as Tivoli Access Manager WebSEAL, a PerformanceAdmin user must also be authenticated through WebSEAL in order for the instrumentation page to load properly.