Creating an administration role with the IIB: Create admin role script package

Use this script package to create an administration role to administer integration nodes securely.

About this task

To define multiple permissions for a role on different objects, you can use this script package multiple times with the same IIB_ROLE value. You can use this script package to define permissions only; you cannot use this script package to remove a permission from a role.

Procedure

To deploy a script package that creates an administration role, complete the following steps.

  1. In the Virtual System Patterns list, select the Virtual System Pattern to edit.
  2. Within the pattern, click Open.
    The selected pattern can now be edited.
  3. Click the Scripts icon in the Pattern editor.
    The list of available scripts is displayed.
  4. Locate the IIB: Create Admin Role script package and drag it onto the appropriate virtual machine.
    Note: IBM® Integration Bus script packages must always appear after IBM Integration Bus Software Components in a virtual machine.
  5. Select the script package in the Pattern editor to view the script package properties.

    You can edit the parameters of the script package in the Pattern editor or when the pattern is deployed, or both. If a parameter is set in the Pattern editor, you can update it when the pattern is deployed, unless the parameter is locked. To lock a parameter in the Pattern editor, click the unlocked padlock Unlock Sign for that parameter. A locked padlock Lock Sign indicates that the property is locked.

  6. Set the IIB_ROLE attribute to the name of the administrative role. This field is mandatory and cannot be left blank.

    For this attribute, enter a descriptive name that identifies the role. This name is associated with administrative users to assign permissions.

  7. Optional: Set either IIB_SERVER or IIB_OBJECT to the name of the server or object to which you are applying permissions.

    If you do not specify either of these attributes, the permissions apply to the integration node.

  8. The following fields contain default values. Change any of these fields to meet your environment or scenario. 
    IIB_PERMISSION_READ = false
IIB_PERMISSION_WRITE = false
IIB_PERMISSION_EXECUTE = false
    For more information about file permissions, see Permissions for acting on integration nodes and resources.

Results

An administrative role is created with the specified name and with the specified permissions on the object. If an administrative role already exists with the specified name, it is updated. When you define an administrative user, you can use the role name to specify permissions for that user.

What to do next

To use this role, you must use the IIB: Create web admin user script package to associate the role with a user ID and password. For more information, see Creating a web administration user with the IIB: Create web admin user script package.