Restricting installation access to runtime servers
You must authorize users with the appropriate type of access, depending on the environment: administrative access to install to workflow servers in production environments, write access to install to any non-production workflow server, or read access to install to workflow servers in development environments.
About this task
- IBM® Workflow Center Authorization
- The following authorization checks are performed on Workflow Center for deployment operations like online deploy
or building a deployment package:
- The user needs the following access to the process application depending on the type of target environment:
- Administrative access to install to process servers in production environments
- Write access to install to any non-production process server
- Read access to install to process servers in development environments
Note: To create a generic deployment package, you need read access only. - If the processCenterInstall group is enabled, the user must be a member of the processCenterInstall group.
- The user needs the following access to the process application depending on the type of target environment:
- IBM Workflow Server Authorization
- The following authorization checks are performed on Workflow Server for deployment operations like online deploy or
offline deploy:
- The user must be a member of tw_admins or the BPMAuthor user and a member of tw_authors. Important: If these internal groups, which are created when the deployment environment is created, are deleted, you won't be able to deploy snapshots.
- If the offlineInstall group is enabled, the user must be a member of the offlineInstall group to run offline deployment commands.
Note: Online deployment uses the BPMAuthor user. If you override this user with a trust association interceptor (TAI), the new user must pass these checks. - The user must be a member of tw_admins or the BPMAuthor user and a member of tw_authors.
Procedure
To enable a processCenterInstall group, perform the following steps on the Workflow Center deployment manager.
To enable an offlineInstall group, perform the following steps on the Workflow Server deployment manager.