Topic
  • 2 replies
  • Latest Post - ‏2010-12-02T15:41:48Z by SystemAdmin
SystemAdmin
SystemAdmin
141 Posts

Pinned topic WSRR Access Control

‏2010-11-10T16:01:08Z |
Hi All,

I am trying configure access control on WSRR 7 and couldn't find much documentation on creating new permissions especially on the usage of Target (XPath) field. Any information on this would be really helpful.

Is there a way you can control access to transitions within a lifecycle? Example, developers (mapped to a ldap group) can transition a service from 'dev' to 'test' but not from 'test' to 'stage' or 'prod'. Admin users can perform all the transitions. Is that possible?

Also, Is there a way you can control access to 'configuration' perspective?

Thanks.
Updated on 2010-12-02T15:41:48Z at 2010-12-02T15:41:48Z by SystemAdmin
  • GaryWhittingham
    GaryWhittingham
    1 Post

    Re: WSRR Access Control

    ‏2010-11-10T17:38:42Z  
    You should be able to find details about the target field at http://publib.boulder.ibm.com/infocenter/sr/v7r0/index.jsp, the relevant sections to search for are: Permission structure and Permission target. The XPath target definition within the permission can only use a limited sub-set of the full XPath specification. The constructs you are allowed to use are defined in the reference cited above.

    The different types of permission you can use are described in the section Overview of access control in WSRR . You should be able to use 'Transition' permissions to control the transitions which particular users are allowed to perform, in the way you describe in your post. In order to define this kind of permission, as well as the Name, Type and Target, a Transition is required too. This must match one of those in the relevant life-cycle definition.

    You may also find the following article useful http://www.ibm.com/developerworks/websphere/library/techarticles/0705_orchard/0705_orchard.html

    Access to individual perspectives is controlled a different way. The sections in the infocenter to look for are Configuring the web UI and Perspectives.

    "...The Configuration perspective allows an administrator to configure WSRR. This perspective cannot be removed or modified. It is available to all users who are in the WSRR J2EE Administrator role and, additionally, to all users in a WSRR Access control role called Administrator if the role has been created."
  • SystemAdmin
    SystemAdmin
    141 Posts

    Re: WSRR Access Control

    ‏2010-12-02T15:41:48Z  
    You should be able to find details about the target field at http://publib.boulder.ibm.com/infocenter/sr/v7r0/index.jsp, the relevant sections to search for are: Permission structure and Permission target. The XPath target definition within the permission can only use a limited sub-set of the full XPath specification. The constructs you are allowed to use are defined in the reference cited above.

    The different types of permission you can use are described in the section Overview of access control in WSRR . You should be able to use 'Transition' permissions to control the transitions which particular users are allowed to perform, in the way you describe in your post. In order to define this kind of permission, as well as the Name, Type and Target, a Transition is required too. This must match one of those in the relevant life-cycle definition.

    You may also find the following article useful http://www.ibm.com/developerworks/websphere/library/techarticles/0705_orchard/0705_orchard.html

    Access to individual perspectives is controlled a different way. The sections in the infocenter to look for are Configuring the web UI and Perspectives.

    "...The Configuration perspective allows an administrator to configure WSRR. This perspective cannot be removed or modified. It is available to all users who are in the WSRR J2EE Administrator role and, additionally, to all users in a WSRR Access control role called Administrator if the role has been created."
    Gary, thanks for your reply.