Topic
  • 1 reply
  • Latest Post - ‏2017-01-20T08:33:29Z by bayliss
JibinJacob
30 Posts

Pinned topic How can we restrict the access to some services for specific users?

‏2017-01-20T05:12:42Z |

Hi,

When I was going through the benefits of z/OS Connect mentioned in IBM Knowledge Center, I found the below advantage:

  • Provides the ability to secure individual or groups of z/OS Connect services with SAF security in which only specific users or groups can have access to specific services

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.wlp.zseries.doc/ae/cwlp_zconnect_overview.html 

Is this specific to API execution?

Suppose we have three APIs like:

  getCustomer

  updateCustomer

  createCustomer

Is it possible to restrict updateCustomer and createCustomer to some specific users?

Thanks,

Jibin

 

 

  • bayliss
    36 Posts
    ACCEPTED ANSWER

    Re: How can we restrict the access to some services for specific users?

    ‏2017-01-20T08:33:29Z  

    Hi Jibin,

     

    When you say you have three APIs (getCustomer, updateCustomer & createCustomer), are these packaged as three separate AAR files, or are you referring to three different operations (path plus method combination) inside a single AAR file?

     

    We use the term API to be the entity described by the Swagger document and packaged as a single AAR file, which can optionally be configured on the server.xml element zosConnectAPI and returned in the response of an HTTP GET /zosConnect/apis URI RESTful administration request.

     

    The open beta allows individual APIs (AAR files) to be defined with different groups for the admin, operations, invoke and reader roles. This is specified on the server.xml element zosConnectAPI attributes: adminGroup, operationsGroup, invokeGroup, and readerGroup. See "Configuring APIs" for more details.
    The open beta does not support assigning different groups to the operations within an API (AAR file).

     

    Regards, Sue
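
    An added example, not part of the original post and not IBM code: because groups attach to an API (AAR file) rather than to an operation, giving the read and write operations different invokeGroup values means packaging them as separate APIs. The script below audits a constructed server.xml fragment for that layout. The API names, SAF group names, the `zosconnect_zosConnectAPIs` wrapper, the `name` attribute and the comma-separated group lists are assumptions.

```python
import xml.etree.ElementTree as ET

# The four role attributes named in the answer above.
ROLE_ATTRS = ("adminGroup", "operationsGroup", "invokeGroup", "readerGroup")

# Constructed server.xml fragment. API names and SAF group names are
# hypothetical; the wrapper element and "name" attribute are assumed.
SAMPLE_SERVER_XML = """
<server>
  <zosconnect_zosConnectAPIs>
    <zosConnectAPI name="customerRead"
                   adminGroup="ZCADMIN" operationsGroup="ZCOPS"
                   invokeGroup="CUSTREAD,CUSTWRIT" readerGroup="CUSTREAD"/>
    <zosConnectAPI name="customerWrite"
                   adminGroup="ZCADMIN" operationsGroup="ZCOPS"
                   invokeGroup="CUSTWRIT" readerGroup="CUSTWRIT"/>
    <zosConnectAPI name="customerLegacy" adminGroup="ZCADMIN"/>
  </zosconnect_zosConnectAPIs>
</server>
"""

def api_role_groups(server_xml):
    """Map each zosConnectAPI name to {role attribute: set of groups}."""
    result = {}
    for api in ET.fromstring(server_xml).iter("zosConnectAPI"):
        roles = {}
        for attr in ROLE_ATTRS:
            raw = api.get(attr, "")
            # Assumption: several groups are written as a comma-separated list.
            roles[attr] = {g.strip() for g in raw.split(",") if g.strip()}
        result[api.get("name", "<unnamed>")] = roles
    return result

def missing_role_groups(server_xml):
    """List, per API, the role attributes with no group set on the API."""
    return {name: [a for a in ROLE_ATTRS if not roles[a]]
            for name, roles in api_role_groups(server_xml).items()
            if any(not roles[a] for a in ROLE_ATTRS)}

def apis_listing_group(server_xml, group, role="invokeGroup"):
    """APIs whose given role attribute names the SAF group."""
    return sorted(name for name, roles in api_role_groups(server_xml).items()
                  if group in roles[role])

if __name__ == "__main__":
    print(missing_role_groups(SAMPLE_SERVER_XML))
    print(apis_listing_group(SAMPLE_SERVER_XML, "CUSTREAD"))
```

    An API flagged by `missing_role_groups` has no group of its own for that role, so its effective access depends on configuration outside the element and should be reviewed against the "Configuring APIs" documentation.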
