Security and Authorization
For information about configuring OAC application security, see OAC Security.
When there are security related issues with FTM, the following questions need to be answered.
- Is WAS application security enabled?
- Has WAS been restarted after a configuration change been made?
- Does the database contain RES_PERM and GRP_RES_PERM_REL entries and are the user group names fully qualified if using LDAP?
- Is the user a member of one or more of the user groups mapped in the GRP_RES_PERM_REL table?
- Have you restarted the FTM OAC enterprise application in WAS since changing the resource permission database tables?
- Have you run ApplyFTM_OpDataNoRestrict.sh with security_on?
The FTM console has a special page to diagnose authorization issues. This page can
be accessed by all logged in users at a direct URL:
http://<host>:<port/<context-root>/jsp/authorization_info.jsp Users only have
access to their own data. The page shows the following data:
- User name
- User groups (based on user repository lookup)
- Indicates which user groups can be matched to metadata in the FTM database
- Lists all resource / permissions / application IDs that can be matched
Authorization problems are typically caused by group name mismatches or omissions. The data on the Authorization page can also be used to confirm that the Application ID is correct.