Enabling data security using scripts
This topic describes how to use the wsadmin scripting client to create scripts to enable IBM® Business Monitor data security.
Procedure
Use the following steps to launch the wsadmin scripting client, set the classpath, and invoke the MBean:
- Open a command prompt, and change directories to the following
directory: profile_root/binWhere:For example,
- profile_root represents the directory for the profile where IBM Business Monitor is installed.
- "app_server_root/profiles/monitor profile"
- Type the following command:
- wsadmin -user user_ID -password password -lang jython -f path_to_script -wsadmin_classpath app_server_root/plugins/com.ibm.wbimonitor.lifecycle.spi.jar
Where:For example,- user_ID represents the user ID for a WebSphere® Application Server administrator
- password represents the password for user_ID
- jython represents the programming language of the script
- path_to_filename represents the fully qualified path to the file that contains the script
- -wsadmin_classpath represents the WebSphere Application Server classpath where the JAR file containing the MBean is located
- wsadmin -user jsmith -password abc1hIpd -lang jython -f C:/scripts/security -wsadmin_classpath "C:/Program Files/IBM/WebSphere/AppServer/plugins/com.ibm.wbimonitor.lifecycle.spi.jar"
- Type the following command:
- wsadmin -user user_ID -password password -lang jython -f path_to_script -wsadmin_classpath app_server_root/plugins/com.ibm.wbimonitor.lifecycle.spi.jar
Where:- user_ID represents the user ID for a WebSphere Application Server administrator
- password represents the password for user_ID
- jython represents the programming language of the script
- path_to_filename represents the fully qualified path to the file that contains the script
- -wsadmin_classpath represents the WebSphere Application Server classpath where the JAR file containing the MBean is located
Next, the following example shows the script assignRoleToUserOnResourceGroup.py.wsadmin -user jsmith -password abc1hIpd -lang jython -f C:/scripts/security -wsadmin_classpath "C:/Program Files/IBM/WebSphere/AppServer/plugins/com.ibm.wbimonitor.lifecycle.spi.jar"<profile_home/bin>wsadmin -user adminUser1 -password admin_pw -lang jython # IBM Confidential# OCO Source Materials # 5724-M24 # (C) Copyright IBM Corporation 2007 # The source code for this program is not published or otherwise # divested of its trade secrets, irrespective of what has been # deposited with the U.S. Copyright Office. # The wsadmin_classpath needs to be set to include com.ibm.wbimonitor.lifecycle.spi_6.2.0.jar # sample command will be # -wsadmin_classpath # <WAS_INATALL>\plugins\com.ibm.wbimonitor.lifecycle.spi_6.2.0.jar -f # assignRoleToUserOnResourceGroup.py member_id resourceGroup role member_type # <profile_home/bin>wsadmin -user adminUser1 -password admin_pw -lang jython # -wsadmin_classpath <WAS_INATALL>\plugins\com.ibm.wbimonitor.lifecycle.spi_6.2.0.jar -f # assignRoleToUserOnResourceGroup.py member_id resourceGroup role member_type # The userid and password won't be needed if WAS security is turned off. If SOAP port is required, # specify it as -port <SOAP_PORT>. SOAP port may be needed if not running wsadmin command # from profile home. # The RESTSecurityAdminMBean is described in the documentation as well as in # com.ibm.wbimonitor.lifecycle.mbeans. # WAS_INSTALL/plugins/com.ibm.wbimonitor.lifecycle_6.2.0.jar contains RESTSecurityAdminMBean.xml from java.lang import Boolean from java.lang import Integer from java.lang import String from java.lang import System from com.ibm.wbimonitor.lifecycle.spi.mbeans import RESTSecurityAdminMBeanFactory if ((len(sys.argv) != 4)): print "This script requires 4 parameters: member_name(user dn or group dn), resourceGroup(root, etc), role_name(KPI-Administrator, etc), member_type(user or group) " raise ValueError userId = sys.argv[0] resourceGroup = sys.argv[1] role = sys.argv[2] member_type = sys.argv[3] AdminControl.trace( 'com.ibm.wbimonitor.*=all=enabled' ) rest_mbean = RESTSecurityAdminMBeanFactory.getMBean( AdminControl.getAdminClient() ) print 'RESTSecurityAdminMBean.toString=' + rest_mbean.toString() #The return type is a boolean 'true' or 'false' result = rest_mbean.assignRoleToUserOnResourceGroup(userId,resourceGroup,role,member_type) print result
What to do next
- Roles
This section contains information on scripts that you can create to perform functions for roles. - Resource groups
A resource group is a logical grouping of models that manages access to and provides security for the models within it. When you create a resource group, it is assigned to the root resource group. You assign roles that grant specific privileges to a user within a resource group, and not to a model directly. This section describes how to create scripts to perform functions for resource groups. - Resources
Resources are models assigned to a particular resource group. This section contains information on scripts that you can create to perform functions for resources or models. - Deleting tables
You can use the provided information to create a script that deletes all data from the IBM Business Monitor service tables. This step should be performed manually and only by a database administrator. This method is provided as a convenience for development, test, and staging environments. Do not use this command in production scripts.
Parent topic: Administrative commands