When you create a new IBM Security Guardium Key Lifecycle Manager device
group, also create a role for the device group. Specify the same name
for both the device group and the role, including case. Name matching
is case-sensitive.
About this task
You can add the role for a device group to WebSphere Application Server Liberty by editing the admin-authz.xml configuration
file.
Procedure
- On Windows operating systems, edit the <WAS_HOME>/profiles/KLMProfile/config/cells/SKLMCell/admin-authz.xml file
by adding the following lines:
<roles xmi:id=<roleId> roleName=<deviceGroupName>/>
<authorizations xmi:id=<roleAssignmentId> role=<roleId>/>
The values for roleId and roleAssignmentId must be unique across the roles and authorizations that exist in the admin-authz.xml file.
For example, if a new device group such as MyDS5K is added, you must add the following lines:
<roles xmi:id="MyDS5K_Role" roleName="MyDS5K"/>
<authorizations xmi:id="MyDS5K_Role_Auth" role="MyDS5K_Role"/>
- Restart WebSphere Application Server Liberty.
You must stop the server and then restart it. For instructions about
how to stop and start the server, see Restarting the Guardium Key Lifecycle Manager server.
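A check to run on the edited file before the restart, as an added example that is not IBM's code: it verifies that xmi:id values are unique, that each authorization points at an existing role, and that each device group has a role whose name matches exactly, including case. The function name check_authz, the root element of the sample, and the namespace URI bound to the xmi prefix are assumptions; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XMI_ID = "{http://www.omg.org/XMI}id"  # assumed namespace URI behind the xmi: prefix

# Constructed sample; the root element is a stand-in, not copied from a real file.
SAMPLE = """<authz xmlns:xmi="http://www.omg.org/XMI">
  <roles xmi:id="MyDS5K_Role" roleName="MyDS5K"/>
  <authorizations xmi:id="MyDS5K_Role_Auth" role="MyDS5K_Role"/>
  <roles xmi:id="LTO_Role" roleName="lto"/>
  <authorizations xmi:id="MyDS5K_Role_Auth" role="LTO_Rol"/>
</authz>"""

def check_authz(xml_text, device_groups):
    """Return a list of problems found in admin-authz.xml content."""
    root = ET.fromstring(xml_text)
    roles = [e for e in root.iter() if e.tag.split("}")[-1] == "roles"]
    auths = [e for e in root.iter() if e.tag.split("}")[-1] == "authorizations"]
    problems = []
    # roleId and roleAssignmentId values must be unique across both element types.
    ids = Counter(e.get(XMI_ID, "") for e in roles + auths)
    for value, count in sorted(ids.items()):
        if not value:
            problems.append(f"{count} element(s) without xmi:id")
        elif count > 1:
            problems.append(f"duplicate xmi:id {value!r}")
    # Every authorization must reference a role id that exists.
    role_ids = {r.get(XMI_ID) for r in roles}
    for a in auths:
        if a.get("role") not in role_ids:
            problems.append(f"authorization {a.get(XMI_ID)!r} references "
                            f"unknown role {a.get('role')!r}")
    # Each device group needs a role with the same name; matching is case-sensitive.
    names = {r.get("roleName") for r in roles}
    for group in device_groups:
        if group in names:
            continue
        near = [n for n in names if n and n.lower() == group.lower()]
        hint = f" (case mismatch with {near[0]!r})" if near else ""
        problems.append(f"no role named {group!r}{hint}")
    return problems

if __name__ == "__main__":
    for problem in check_authz(SAMPLE, ["MyDS5K", "LTO"]):
        print(problem)
```

To check a real file, pass its contents as xml_text and the list of device group names exactly as they were created.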
What to do next
Next, you can specify that a user group has permissions to the new device group and the necessary
administrative tasks, such as view or configure.