If you only chose the Installation feature for the Tivoli® Authorization Policy Server
package at installation time, use the Modify operation of the IBM® Installation Manager's to select
the Configuration feature of the package after you have reviewed the
Authorization Policy Server's deployment scripts. When you select
the authorization policy server package, it is deployed to IBM Dashboard Application Services
Hub.
Before you begin
Ensure that the configuration feature for IBM Dashboard Application Services Hub is already
selected. The Tivoli Authorization
Policy Server is an extension offering of the Dashboard Application
Services Hub. As a result, an error message is displayed if you attempt
to select the Authorization Policy Server configuration feature when
Dashboard Application Services Hub is not configured.
About this task
If you selected the Installation feature when installing
the packages, only the binaries and install scripts are laid down
in your installation directory:
- C:\Program Files\IBM\JazzSM\AuthPolicyServer
- /opt/IBM/JazzSM/AuthPolicyServer
To add the Configuration feature, you must perform the following
steps to modify your Tivoli Authorization
Policy Server package:
Procedure
- Log in as the user who installed IBM Dashboard Application Services Hub and authorization
policy server.
- Start the IBM Installation
Manager:
- Double-click the IBMIM.exe file that is
located in the eclipse subdirectory in the directory where IBM Installation Manager was installed.
The default path for IBM Installation
Manager on Windows is C:\Program
Files\IBM\Installation Manager.
- Execute the IBMIM binary under /opt/IBM/InstallationManager/eclipse.
- On the main Installation Manager window, click Modify.
- Select Core services in Jazz for Service Management.
This contains the Tivoli Authorization
Policy Server package. Click Next to continue.
- Expand the Authorization Policy Server node
and select the Configuration check box. Click Next to
continue.
- Specify an IBM Dashboard
Application Services Hub administrative user name and password such
as tipadmin for the Common Configurations for Core services in Jazz™ for Service Management configuration
parameters and click Validate. These credentials
are used to deploy the Infrastructure Management Dashboards for
Servers application into the WebSphere® Application
Server for the IBM Dashboard
Application Services Hub.
- The Tivoli Authorization
Policy Server periodically compresses a file of the current set of
authorization policies that is available for distribution. On a periodic
interval, the dashboard data provider component of the portal server
makes a request to the Tivoli Authorization
Policy Server for the latest compressed file of policies. If there
is a new file, it is obtained and extracted and this set of policies
becomes the current set of policies that are used by the dashboard
data provider.
Configure the Authorization Policy Server
audit and policy distribution properties. Each property has the following
default value and range:
- Audit log file count
- The maximum number of audit log files to keep at one time.
- Default value is 5. Range is greater than 1 and less than 99999.
- Audit log file size (megabytes)
- The maximum size of each log file in megabytes.
- Default size is 10. Range is greater than 1 and less than 99999.
- Audit log file directory
- The directory into which the log files are stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\audit
- Policy-distribution Polling interval (minutes)
- This property specifies how often the Authorization Policy Server
updates the compressed file that contains the authorization policies
that is downloaded by the dashboard data provider.
- Default value is 5. Range is 1 - 1440 minutes.
- Policy-distribution Polling directory
- The directory into which the version of the policies for distribution
is stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\dist
- You must restart the Dashboard Application Services Hub
after the Tivoli Authorization
Policy Server installation is complete. Select either an automatic
or manual restart of the Dashboard Application Services Hub and click Confirm.
Click OK when prompted and Next to
continue.
- The Modify Packages summary panel is displayed. Verify
the changes and click Modify to add the Configuration
feature.
- The Results window displays the package modification status.
Click Finish to complete the modification.
What to do next
If you selected the option for a manual restart of Dashboard
Application Services Hub in step 8, you must restart the application
server for Dashboard Application Services Hub. You must restart the
application server before you can use the Authorization Policy Server
with the tivcmd CLI to create authorization policies.
Install the
tivcmd Command Line Interface on the computers that administrators
use to create authorization policies. Follow the instructions in Installing the tivcmd Command Line Interface for Authorization Policy using the graphical user interface or Installing the tivcmd Command Line Interface for Authorization Policy using console mode.
The user credentials that you specified during the Authorization Policy
Server installation are assigned to the PolicyAdministrator role.
You must use these credentials with the tivcmd Command Line Interface
to log in to the Authorization Policy Server and assign other administrators
permission to create and work with authorization policy roles.
The IBM Tivoli Monitoring Administrator's
Guide provides
examples of creating authorization policies for common scenarios in
the Using role-based authorization policies chapter. Steps
for configuring a dashboard environment to use authorization policies
are outlined in the Preparing your dashboard environment chapter.
For a complete list of tivcmd CLI commands, see the IBM Tivoli Monitoring Command Reference.