Security configuration properties
Use the WebSphere command-line administration tool (wsadmin) AdminConfig commands to access and modify IBM® Business Process Manager security properties as configuration objects.
The term configuration object refers to an object that is accessed by using the wsadmin AdminConfig commands. See Commands for the AdminConfig object using wsadmin scripting. Configuration objects can be nested, which means that a configuration object might contain other configuration objects.
- IBM Business Process Manager configuration objects and security properties
- Process Admin Console configuration objects and security properties
- Examples of how to access and modify security properties:
IBM Business Process Manager configuration objects and security properties
| Configuration object | ConfigObject containment path | Property name | Description | Default value |
|---|---|---|---|---|
| BPMAuthAliasRoleType | /Cell:/BPMCellConfigExtension: | BPCUser, BPMAuthor, BPMUser, BPMWebserviceUser, DeAdmin, EmbeddedECMTechnicalUser, EventManagerUser, PerformanceDWUser, ProcessCenterUser, ProcessServerUser, SCAUser | Refer to IBM Business Process Manager roles for role descriptions. | |
| | /Cell:/BPMCellConfigExtension: | CellAdmin, RALUser, SCADeploymentUser | | |
| BPMVirtualHostInfo | /Cell:/BPMCellConfigExtension:/ | hostname, port, transportProtocol | A configuration object that is used with the wsadmin command to specify the host name, port number, and transport protocol of a proxy server for Process Center or Process Server configuration. The IBM BPM virtual host has three properties: An example of how to specify the IBM BPM virtual host with the wsadmin command is in the section Modifying security properties by using the AdminConfig object commands. Note: The IBM BPM virtual host replaces the base-url property that was used in the 99Local.xml configuration file to specify the host name and port number of a proxy server in earlier releases of IBM BPM. | hostname: None; port: -1; transportProtocol: https |
| BPMActionPolicy | /Cell:/ServerCluster: | ACTION_ABORT_INSTANCE, ACTION_SUSPEND_INSTANCE, ACTION_RESUME_INSTANCE, ACTION_ADD_COMMENT, ACTION_ADD_HELP_REQUEST, ACTION_RESPOND_HELP_REQUEST, ACTION_ASSIGN_TASK, ACTION_ASSIGN_AND_RUN_TASK, ACTION_REASSIGN_TASK, ACTION_REASSIGN_TASK_USER_ROLE, ACTION_CHANGE_TASK_DUEDATE, ACTION_CHANGE_INSTANCE_DUEDATE, ACTION_CHANGE_TASK_PRIORITY, ACTION_MOVE_TOKEN, ACTION_DELETE_TOKEN, ACTION_INJECT_TOKEN, ACTION_VIEW_PROCESS_DIAGRAM, ACTION_VIEW_PROCESS_AUDIT, ACTION_CHANGE_CRITICAL_PATH, ACTION_ADD_DOCUMENT, ACTION_UPDATE_DOCUMENT, ACTION_DELETE_DOCUMENT, ACTION_DELETE_INSTANCE, ACTION_FIRE_TIMER, ACTION_RETRY_INSTANCE, ACTION_SEND_EVENT | Refer to Configuration properties for Process Portal action policies for property descriptions. | |
| BPMProcessServer (process server environments) or BPMProcessCenter (process center environments) | /Cell:/ServerCluster: | httpProtocolOnly | A flag that tells Process Designer to use the HTTP protocol instead of RMI for EJB or JMS for event notification. | true |
| BPMServerSecurity | /Cell:/ServerCluster: | deploySnapshotUsingHttps | A flag that forces the Process Center server to use https to deploy process apps and toolkits to process servers. Note: This setting is ignored for process server runtime environments that are from V8.5.0.1 or later. | false |
| | | wildcardProcessingOptimized | A flag for enabling searches for user registries with or without wildcards. When set to true, searches are optimized. | false |
| | | externalUserQueryLimit | The maximum number of users in Process Admin Console, Process Center, or Process Center to be specified for any add-user or lookup-user activity. | 100 |
| BPMServerSecurityUsers | /ServerCluster: | notifyError | If an Event Manager task fails, a task is created for the failing task, for example, UCA execution. This property defines one or more user IDs to receive the task. Each user ID is separated from the others by a semicolon. | User in DeAdmin role |
| | | userToCreateTask | The user ID that is set in the task's receivedFrom field. This user must be assigned to the DeAdmin role. | User in DeAdmin role |
| | | userToCloseTask | The user ID that is set in a task that is canceled by the system. This user must be assigned to the DeAdmin role. | User in DeAdmin role |
| | | userToOwnTask | The user ID for task assignments when the assignment is defined directly by a list of users instead of by teams. All these users are deactivated in the IBM BPM database, for example The user ID is not used if the task is assigned to either teams or groups, for example | None |
| BPMServerSecurityGroups | /Cell:/ServerCluster: | processHelpAccess | Used to request help from other process participants on a process instance or its related tasks. | tw_admins |
| | | debug | Specifies the role membership that users must have to access debugging functionality. Only one debug role can be defined. | Debug |
| | | bpmAdminGroup | Members of this group have full access to all interfaces, assets, servers, and security. There must be at least one user. If you change the bpmAdminGroup property, you must also change many of the navigator entries in the BPMConsoleSection configuration object to make sure that users of this newly configured group can see the screens to perform these administrative actions. Also consider whether you want to change any of the action policies because they default to tw_admins. The action policies are described in Configuration properties for Process Portal action policies. | tw_admins |
| | | processCenterInstall | A user must be a member of process-center-install-group in addition to having the default access. For example, to install to a process server in a production environment, a user must have administrative access to the process application that is being installed and must also be a member of process-center-install-group. | None |
| | | offlineInstall | Used to limit the offline installation to specific groups. | None |
| | | bpmAuthorGroup | Members of this group have access to the Designer and other interfaces in Process Designer, including the Process Center console. From the Process Center console, members of this group can create process applications and toolkits and control access to projects. Access to other process applications and toolkits (projects) and the assets they contain is controlled by Process Center repository administrators. | tw_authors |
| BPMLdapOption | /ServerCluster: | twUserNameAttribute | The LDAP attribute name that holds the user name (which is the value specified on the login screen). The default value is derived from the WebSphere® Application Server configuration property userIdMap. | Note: All LDAP attributes are optional. The runtime code tries to determine these values from the WebSphere Application Server configuration. However, the displayName attributes are not configured in WebSphere Application Server. As a result, the default value of the description attribute is just an assumption that the system makes. |
| | | twUserDescriptionAttribute | The LDAP attribute name that holds the user description (which is also referred to as the full name or display name). The default value is the specified description. | |
| | | twGroupNameAttribute | The LDAP attribute name that holds the group name. The default value is derived from the WebSphere Application Server configuration property groupIdMap. | |
| | | twGroupDescriptionAttribute | The LDAP attribute name that holds the group description (display name). The default value is the specified description. | |
| BPMPerformance | /Cell:/ServerCluster: | viewUser | Used to create a prefix for the views that Performance Data Warehouse creates for tracking groups. Used like a schema name. | |
Process Admin Console configuration objects and security properties
| Configuration object | Configuration object location | Properties | Description | Default value |
|---|---|---|---|---|
| BPMConsoleSection | /BPMConsoleElement:/ | console.manage.caches | The property used to configure access to the Manage Caches link in the IBM BPM Admin section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.task.cleanup | The property used to configure access to the Task Cleanup link in the IBM BPM Admin section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.rest.commands | The property used to configure access to the Health Management link in the IBM BPM Admin section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.user.management | The property used to configure access to the User Management link in the User Management section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.group.management | The property used to configure access to the Group Management link in the User Management section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.bulk.user. | The property used to configure access to the Bulk User Attribute Assignment link in the User Management section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.user.synchronization | The property used to configure access to the User Synchronization link in the User Management section in the Server Admin area of the Process Admin Console. Note: Some IBM Business Process Manager functions require current data from your external security provider to function properly. If you see unexpected results with routing of activities, team data in dashboards, or other aspects of IBM BPM that could be caused by a lag between IBM BPM and your external security provider, you can use the Synchronization option in the Process Admin Console to resolve those issues. | tw_admins |
| | | console.instrumentation | The property used to configure access to the Instrumentation link in the Monitoring section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.process.monitor | The property used to configure access to the Process Monitor link in the Monitoring section in the Server Admin area of the Process Admin Console | tw_admins |
| | | console.monitor | The property used to configure access to the Monitor link in the Event Manager section in the Server Admin area of the Process Admin Console | tw_admins, tw_authors |
| | | console.blackout.periods | The property used to configure access to the Blackout Periods link in the Event Manager section in the Server Admin area of the Process Admin Console | tw_admins, tw_authors |
| | | console.synchronous.queues | The property used to configure access to the Synchronous Queue link in the Event Manager section in the Server Admin area of the Process Admin Console | tw_admins, tw_authors |
| | | console.em.jms.error.queue | The property used to configure access to the EM JMS Error Queue link in the Event Manager section in the Server Admin area of the Process Admin Console | tw_admins, tw_authors |
| | | console.manage.epvs | The property used to configure access to the Manage EPVs link in the Admin Tools section in the Server Admin area of the Process Admin Console | tw_admins, tw_authors |
Modifying security properties by using the AdminConfig object commands
Modifying security properties in single deployment environments and IBM Business Process Manager Express
- Start the wsadmin scripting tool:
    install_root\bin>wsadmin -conntype NONE -lang jython
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7031I: For help, enter: "print Help.help()"
- List objects of a given type:
    wsadmin>AdminConfig.list('BPMServerSecurity')
    '(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMServerSecurity_1362774776533)'
- Show defaults:
    wsadmin>print AdminConfig.defaults('BPMServerSecurity')
    Attribute                       Type                            Default
    externalUserQueryLimit          int                             100
    deploySnapshotUsingHttps        boolean                         false
    securityNameTransformer         String
    wildcardProcessingOptimized     boolean                         true
    ldapOptions                     BPMLdapOption
    securityGroups                  BPMServerSecurityGroups
    securityUsers                   BPMServerSecurityUsers
- Show attributes of an object:
    wsadmin>print AdminConfig.attributes('BPMServerSecurity')
    deploySnapshotUsingHttps boolean
    externalUserQueryLimit int
    ldapOptions BPMLdapOption*
    securityGroups BPMServerSecurityGroups
    securityNameTransformer String
    securityUsers BPMServerSecurityUsers
    wildcardProcessingOptimized boolean
- Show attributes of an object and their values (nested objects are listed according to their configuration ID):
    wsadmin>print AdminConfig.show(AdminConfig.list('BPMServerSecurity'))
    [deploySnapshotUsingHttps false]
    [externalUserQueryLimit 5]
    [ldapOptions [twUserNameAttribute(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMLdapOption_1362774776533) twUserDescriptionAttribute(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMLdapOption_1362774776534) twGroupNameAttribute(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMLdapOption_1362774776535) twGroupDescriptionAttribute(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMLdapOption_1362774776536)]]
    [securityGroups (cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMServerSecurityGroups_1362774776533)]
    [securityUsers (cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMServerSecurityUsers_1362774776533)]
    [wildcardProcessingOptimized true]
- Show all attributes of an object and their values (nested objects are listed):
    wsadmin>print AdminConfig.showall(AdminConfig.list('BPMServerSecurity'))
    [deploySnapshotUsingHttps false]
    [externalUserQueryLimit 5]
    [ldapOptions [[[name twUserNameAttribute] [value sAMAccountName]] [[name twUserDescriptionAttribute] [value description]] [[name twGroupNameAttribute] [value cn]] [[name twGroupDescriptionAttribute] [value description]]]]
    [securityGroups [[bpmAdminGroup tw_admins] [bpmAuthorGroup tw_authors] [collaborationAdmin tw_admins] [debug Debug] [offlineInstall []] [processHelpAccess tw_admins] [showXmlMetadata Debug]]]
    [securityUsers [[notifyError bpmadmin] [userToCloseTask bpmadmin] [userToCreateTask bpmadmin]]]
    [wildcardProcessingOptimized true]
- Show the value of a particular attribute:
    wsadmin>print AdminConfig.showAttribute(AdminConfig.list('BPMServerSecurity'),'externalUserQueryLimit')
    5
- Modify a property value:
  Note: To ensure that configuration changes are saved, run the AdminConfig.save command each time a property is modified.
    wsadmin>AdminConfig.modify(AdminConfig.list('BPMServerSecurity'),[['externalUserQueryLimit','20']])
    ''
    wsadmin>print AdminConfig.showAttribute(AdminConfig.list('BPMServerSecurity'),'externalUserQueryLimit')
    20
    wsadmin>AdminConfig.save()
    ''
- Get the console element:
  Tip: Iterate through the returned list of elements by using the index.
    wsadmin>elementName = AdminConfig.showAttribute((AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2]), 'name')
    wsadmin>print elementName
    console.bulk.user.attribute.assignment
- Get the configuration ID of the constraint object for this console element:
    wsadmin>constraintIds = AdminConfig.showAttribute((AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2]), 'constraints')
    wsadmin>print constraintIds
    [(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1362774776537)]
- Use the configuration ID to find the current value for the property:
    wsadmin>constraint1 = "(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_136277)"
    wsadmin>constraint1 = "(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1362774776537)"
    wsadmin>val = AdminConfig.showAttribute(constraint1, 'value')
    wsadmin>print val
    tw_admins
- Select the console element for which constraints must be added or removed:
    wsadmin>parent = (AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2])
    wsadmin>print parent
    console.bulk.user.attribute.assignment (cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleLink_1362774776537)
    wsadmin>elementName = AdminConfig.showAttribute((AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2]), 'name')
    wsadmin>print elementName
    console.bulk.user.attribute.assignment
- Add a constraint:
    wsadmin>AdminConfig.create('BPMConsoleConstraint', parent, [['type', 'role'],['value', 'random_group']])
    '(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1363203504872)'
    wsadmin>newId = "(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1363203504872)"
    wsadmin>val = AdminConfig.showAttribute(newId, 'value')
    wsadmin>print val
    random_group
    wsadmin>print AdminConfig.showAttribute((AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2]), 'constraints')
    [(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1362774776537) (cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1363203504872)]
    wsadmin>AdminConfig.save()
- Remove a constraint:
    wsadmin>AdminConfig.remove(newId)
    ''
    wsadmin>print AdminConfig.showAttribute((AdminUtilities.convertToList(AdminConfig.list('BPMConsoleElement'))[2]), 'constraints')
    [(cells/Cell1/clusters/SingleCluster|cluster-bpm.xml#BPMConsoleConstraint_1362774776537)]
    wsadmin>AdminConfig.save()
- Reset a modified value to its default value:
    wsadmin>print AdminConfig.showAttribute(AdminConfig.list('BPMServerSecurity'),'externalUserQueryLimit')
    101
    wsadmin>print AdminConfig.unsetAttributes(AdminConfig.list('BPMServerSecurity'),'externalUserQueryLimit')
    wsadmin>print AdminConfig.showAttribute(AdminConfig.list('BPMServerSecurity'),'externalUserQueryLimit')
    100
    wsadmin>AdminConfig.save()
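An offline review of the `AdminConfig.showall` output from the steps above, checked against the defaults in the property table. This is an added example, not IBM's code and not part of BPMSecurityConfig_sample.py; it assumes the bracketed output format shown on this page, and the function names and finding wording are illustrative.

```python
import re

# Constructed sample: the showall output printed on this page, reflowed.
SAMPLE_SHOWALL = """
[deploySnapshotUsingHttps false] [externalUserQueryLimit 5]
[ldapOptions [[[name twUserNameAttribute] [value sAMAccountName]]
 [[name twUserDescriptionAttribute] [value description]]
 [[name twGroupNameAttribute] [value cn]]
 [[name twGroupDescriptionAttribute] [value description]]]]
[securityGroups [[bpmAdminGroup tw_admins] [bpmAuthorGroup tw_authors]
 [collaborationAdmin tw_admins] [debug Debug] [offlineInstall []]
 [processHelpAccess tw_admins] [showXmlMetadata Debug]]]
[securityUsers [[notifyError bpmadmin] [userToCloseTask bpmadmin]
 [userToCreateTask bpmadmin]]]
[wildcardProcessingOptimized true]
"""

# Brackets, double-quoted values (assumed quoting for values with spaces), bare words.
TOKEN = re.compile(r'\[|\]|"[^"]*"|[^\s\[\]]+')

def _parse(tokens, pos=0, depth=0):
    """Recursive descent over the tokens; returns (nested_list, next_pos)."""
    items = []
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == "[":
            child, pos = _parse(tokens, pos + 1, depth + 1)
            items.append(child)
        elif tok == "]":
            if depth == 0:
                raise ValueError("unbalanced ']' at token %d" % pos)
            return items, pos + 1
        else:
            items.append(tok.strip('"'))
            pos += 1
    if depth:
        raise ValueError("missing ']': output looks truncated")
    return items, pos

def _is_pair(node):
    return isinstance(node, list) and len(node) in (1, 2) and isinstance(node[0], str)

def _convert(node):
    """Turn [key value] lists into dicts; an empty [] means the value is unset."""
    if isinstance(node, str):
        return node
    if not node:
        return None
    if all(_is_pair(n) for n in node):
        return {n[0]: _convert(n[1]) if len(n) == 2 else None for n in node}
    rows = [_convert(n) for n in node]
    # ldapOptions is a list of {name, value} objects: fold it into one dict.
    if all(isinstance(r, dict) and set(r) == {"name", "value"} for r in rows):
        return {r["name"]: r["value"] for r in rows}
    return rows

def parse_showall(text):
    """Parse pasted showall output into nested dicts keyed by attribute name."""
    tree, _ = _parse(TOKEN.findall(text))
    cfg = _convert(tree)
    if not isinstance(cfg, dict):
        raise ValueError("expected a sequence of [attribute value] pairs")
    return cfg

def audit(cfg):
    """Return (property, finding) pairs, worded after the property table on this page."""
    findings = []
    # The page notes this flag is ignored for process server runtimes from V8.5.0.1 or later.
    if cfg.get("deploySnapshotUsingHttps") != "true":
        findings.append(("deploySnapshotUsingHttps",
                         "Process Center is not forced to use https for deployment"))
    if cfg.get("externalUserQueryLimit") != "100":
        findings.append(("externalUserQueryLimit", "differs from the documented default 100"))
    groups = cfg.get("securityGroups")
    if not isinstance(groups, dict):
        raise ValueError("securityGroups is not expanded: use showall, not show")
    for prop in ("offlineInstall", "processCenterInstall"):
        if not groups.get(prop):
            findings.append((prop, "no group restriction is configured"))
    admin = groups.get("bpmAdminGroup")
    if admin and admin != "tw_admins":
        findings.append(("bpmAdminGroup", "changed to %s: also review BPMConsoleSection "
                         "entries and action policies that default to tw_admins" % admin))
    return findings

if __name__ == "__main__":
    for prop, finding in audit(parse_showall(SAMPLE_SHOWALL)):
        print("%-26s %s" % (prop, finding))
```

To review a real environment, paste the text printed by `print AdminConfig.showall(...)` into a file and pass its contents to `parse_showall`.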
Modifying security properties in multiple deployment environments
- Get the deployment environment:
    wsadmin>deIds = AdminUtilities.convertToList(AdminConfig.getid('/Cell:/BPMCellConfigExtension:/BPMDeploymentEnvironment:/'))
    wsadmin>deIds
    ['De1(cells/Cell1|cell-bpm.xml#BPMDeploymentEnvironment_1366695378330)', 'De2(cells/Cell1|cell-bpm.xml#BPMDeploymentEnvironment_1366696771995)']
    wsadmin>AdminConfig.showAttribute(deIds[0], 'name')
    'De1'
    wsadmin>AdminConfig.showAttribute(deIds[1], 'name')
    'De2'
- Get the cluster with the correct capability:
    wsadmin>clusterPath = "/Cell:<cellName>/BPMCellConfigExtension:/BPMDeploymentEnvironment:%s/BPMCluster:/" % "<De_name>"
    wsadmin>clusterId = AdminUtilities.convertToList(AdminConfig.getid(clusterPath))
    wsadmin>capabilities1 = AdminUtilities.convertToList(AdminConfig.showAttribute(clusterId[0], 'capabilities'))
    wsadmin>capabilities1
    ['Application']
    wsadmin>capabilities2 = AdminUtilities.convertToList(AdminConfig.showAttribute(clusterId[1], 'capabilities'))
    wsadmin>capabilities2
    ['Messaging']
    wsadmin>capabilities3 = AdminUtilities.convertToList(AdminConfig.showAttribute(clusterId[2], 'capabilities'))
    wsadmin>capabilities3
    ['Support']
- List objects of a given type:
  Note: For each of the properties, refer to Table 1 for the configuration object, including the configuration object containment path, for example
    wsadmin>path = "/ServerCluster:<clusterName>/BPMClusterConfigExtension:/BPMProcessServer:/BPMServerSecurity:/"
    wsadmin>b = AdminConfig.getid(path)
    wsadmin>b
    '(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMServerSecurity_1366695662779)'
- Show attributes of an object with values (nested objects are listed using their configuration ID):
    wsadmin>print AdminConfig.show(b)
    [deploySnapshotUsingHttps false]
    [externalUserQueryLimit 100]
    [ldapOptions [twUserNameAttribute(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMLdapOption_1366695662779) twUserDescriptionAttribute(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMLdapOption_1366695662780) twGroupNameAttribute(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMLdapOption_1366695662781) twGroupDescriptionAttribute(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMLdapOption_1366695662782)]]
    [securityGroups (cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMServerSecurityGroups_1366695662779)]
    [securityUsers (cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMServerSecurityUsers_1366695662779)]
    [wildcardProcessingOptimized false]
- Show all attributes of an object with values (nested objects are listed):
    wsadmin>print AdminConfig.showall(b)
    [deploySnapshotUsingHttps false]
    [externalUserQueryLimit 100]
    [ldapOptions [[[name twUserNameAttribute] [value sAMAccountName]] [[name twUserDescriptionAttribute] [value description]] [[name twGroupNameAttribute] [value cn]] [[name twGroupDescriptionAttribute] [value description]]]]
    [securityGroups [[bpmAdminGroup tw_admins] [bpmAuthorGroup tw_authors] [collaborationAdmin tw_admins] [debug Debug] [offlineInstall []] [processHelpAccess tw_admins] [showXmlMetadata Debug]]]
    [securityUsers [[notifyError bpmadmin2] [userToCloseTask bpmadmin2] [userToCreateTask bpmadmin2]]]
    [wildcardProcessingOptimized false]
- Show the value of a particular attribute:
    wsadmin>print AdminConfig.showAttribute(b,'externalUserQueryLimit')
    100
- Modify the value for a property:
  Note: To ensure that configuration changes are saved, run the AdminConfig.save command each time a property is modified.
    wsadmin>AdminConfig.modify(b,[['externalUserQueryLimit', '150']])
    ''
    wsadmin>AdminConfig.save()
    ''
    wsadmin>print AdminConfig.showAttribute(b,'externalUserQueryLimit')
    150
- Get the console element:
    wsadmin>consoleElements = AdminUtilities.convertToList(AdminConfig.getid("/BPMConsoleElement:/"))
    wsadmin>elementName = AdminConfig.showAttribute((consoleElements[0]), 'name')
    wsadmin>print elementName
    'console.admin.tools'
- Get the configuration IDs of the constraint object for this console element:
    wsadmin>elementName = AdminConfig.showAttribute((consoleElements[4]), 'name')
    wsadmin>print elementName
    'console.bulk.user.attribute.assignment'
- Use the configuration ID to locate the current value for the property:
    wsadmin>constraintIds = AdminConfig.showAttribute((consoleElements[4]), 'constraints')
    wsadmin>print constraintIds
    [(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1366695662782)]
    wsadmin>constraint1 = "(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1366695662782)"
    wsadmin>val = AdminConfig.showAttribute(constraint1, 'value')
    wsadmin>print val
    'tw_admins'
- Add a constraint:
    wsadmin>AdminConfig.create('BPMConsoleConstraint', consoleElements[4], [['type', 'role'],['value', 'admins']])
    '(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1367394007068)'
    wsadmin>AdminConfig.save()
    ''
- Remove a constraint:
  Tip: Iterate through the returned list of constraints by using the index.
    wsadmin>constraintIds = AdminConfig.showAttribute((consoleElements[4]), 'constraints')
    wsadmin>print constraintIds
    [(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1366695662782) (cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1367394007068)]
    wsadmin>constraint1 = "(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1366695662782)"
    wsadmin>constraint2 = "(cells/Cell1/clusters/AppClusterDe1|cluster-bpm.xml#BPMConsoleConstraint_1367394007068)"
    wsadmin>val1 = AdminConfig.showAttribute(constraint1, 'value')
    wsadmin>val2 = AdminConfig.showAttribute(constraint2, 'value')
    wsadmin>print val1
    'tw_admins'
    wsadmin>print val2
    'admins'
    wsadmin>AdminConfig.remove(constraint2)
    wsadmin>AdminConfig.save()
Accessing and modifying security properties by using Jython
The following examples are shown by using Jython scripts. For more examples on modifying the BPMActionPolicy configuration object, refer to the BPMSecurityConfig_sample.py sample Jython script. The sample script is located at install_root/util/Security/BPMSecurityConfig_sample.py.
    Usage: Use this script to get/modify the configured security properties.
    -E|--de DE_name -option
    -g|--get property_name
    -s|--set property_name , new_value
    -a|--add console_property_name , constraint_value
             |action_policy_name , role to be added
    -r|--remove console_property_name , constraint_value
                |action_policy_name , role to be removed
You can access the property values by using the -g|get option and you can change the value by using the -s|set option. For the console properties, you can add or remove constraints to restrict access to console sections. These properties have their own -a|--addConstraint and -r|--removeConstraint options as previously described.
- Get the value of the external user query limit:
    install_root\bin>wsadmin -conntype NONE -f <install-root>/util/Security/BPMSecurityConfig_sample.py -E <de_name> -g externalUserQueryLimit
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -g, externalUserQueryLimit]"
    Current value for property externalUserQueryLimit in DE De1 is:99
- Get the value of an action policy:
    INSTALL_ROOT\bin>wsadmin -conntype NONE -f <install-root>/util/Security/BPMSecurityConfig_sample.py -E <de_name> -g ACTION_ABORT_INSTANCE
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -g, ACTION_ABORT_INSTANCE]"
    Current value for property ACTION_ABORT_INSTANCE in DE De1 is:tw_admins
- Modify an existing value:
  Note: You can modify any of the security properties listed in Table 2.
- Set the value of the external user query limit:
    install_root\bin>wsadmin -conntype NONE -f <install-root>/util/Security/BPMSecurityConfig_sample.py -E <de_name> -s externalUserQueryLimit,100
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -s, externalUserQueryLimit,100]"
    Current value for property externalUserQueryLimit in DE De1 is:99
    INFO : The given value for the property was set successfully.
    Current value for property externalUserQueryLimit in DE De1 is:100
- Add a role to an action policy:
    install_root\bin>wsadmin -conntype NONE -f <install-root>/util/Security/BPMSecurityConfig_sample.py -E <de_name> -a ACTION_ABORT_INSTANCE,admins
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -a, ACTION_ABORT_INSTANCE,admins]"
    Current value for property ACTION_ABORT_INSTANCE in DE De1 is:tw_admins
    Current value for property ACTION_ABORT_INSTANCE in DE De1 is:tw_admins;admins
- Add a constraint to a console property:
    install_root\bin>wsadmin -conntype NONE -f <install-root>/util/Security/BPMSecurityConfig_sample.py -E <de_name> -a console.monitor,admins
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -a, console.monitor,admins]"
    Current value for property console.monitor in DE De1 is:
    constraint 0 : tw_admins
    constraint 1 : tw_authors
    INFO : The given value for the property was set successfully.
    Current value for property console.monitor in DE De1 is:
    constraint 0 : tw_admins
    constraint 1 : tw_authors
    constraint 2 : admins
- Remove a constraint from a console property:
    install_root\bin>wsadmin -conntype NONE -f BPMSecurityConfig_sample.py -E <de_name> -r console.monitor,admins
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-E, De1, -r, console.monitor,admins]"
    Current value for property console.monitor in DE De1 is:
    constraint 0 : tw_admins
    constraint 1 : tw_authors
    constraint 2 : admins
    The given constraint was removed successfully.
    Current value for property console.monitor in DE De1 is:
    constraint 0 : tw_admins
    constraint 1 : tw_authors
- To suppress the inclusion of the user password in the URLs that Process Designer opens, use the suppressRedirectUrlPasswd option. For example, each time you run a playback in Process Designer, a new Process Portal browser session is opened. Process Designer then submits the user credentials, which consist of the user ID and password, and the browser session uses these credentials to log in. The suppressRedirectUrlPasswd option stops the password from being included in the URL to improve security.
  Note: When you use the suppressRedirectUrlPasswd option, you need to log in to the browser only the first time that you open a web editable artifact or run a playback in Process Designer. This option applies only to Process Designer and can be turned on and off as needed.
  The following example is shown using Jython:
    dmgr_profile_root>wsadmin.bat -connType NONE
    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7031I: For help, enter: "print Help.help()"
    wsadmin>path='/ServerCluster:AppCluster/BPMClusterConfigExtension:/BPMAuthoringEnvironment:/'
    wsadmin>b=AdminConfig.getid(path)
    wsadmin>b
    '(cells/PCCell1/clusters/AppCluster|cluster-bpm.xml#BPMAuthoringEnvironment_1376890854832)'
    wsadmin>AdminConfig.modify(b,[['suppressRedirectUrlPasswd','true']])
    wsadmin>AdminConfig.save()