I am trying to configure access control on WSRR 7 and couldn't find much documentation on creating new permissions, especially on the usage of the Target (XPath) field. Any information on this would be really helpful.
Is there a way you can control access to transitions within a lifecycle? For example, developers (mapped to an LDAP group) can transition a service from 'dev' to 'test' but not from 'test' to 'stage' or 'prod'. Admin users can perform all the transitions. Is that possible?
Also, is there a way you can control access to the 'configuration' perspective?
GaryWhittingham
Re: WSRR Access Control (2010-11-10T17:38:42Z)
This is the accepted answer.
You should be able to find details about the target field at http://publib.boulder.ibm.com/infocenter/sr/v7r0/index.jsp. The relevant sections to search for are: Permission structure and Permission target. The XPath target definition within the permission can only use a limited subset of the full XPath specification. The constructs you are allowed to use are defined in the reference cited above.
The different types of permission you can use are described in the section Overview of access control in WSRR. You should be able to use 'Transition' permissions to control the transitions which particular users are allowed to perform, in the way you describe in your post. In order to define this kind of permission, as well as the Name, Type and Target, a Transition is required too. This must match one of those in the relevant life-cycle definition.
You may also find the following article useful: http://www.ibm.com/developerworks/websphere/library/techarticles/0705_orchard/0705_orchard.html
Access to individual perspectives is controlled in a different way. The sections in the infocenter to look for are Configuring the web UI and Perspectives.
"...The Configuration perspective allows an administrator to configure WSRR. This perspective cannot be removed or modified. It is available to all users who are in the WSRR J2EE Administrator role and, additionally, to all users in a WSRR Access control role called Administrator if the role has been created."