Step 1: Configuring access to Rule Execution Server

You control security access to Rule Execution Server by defining users and mapping them to the predefined roles.

The standard Rule Execution Server roles and an associated default user and password are summarized in the following table.

Role Use Default user/password
resAdministrators
Gives a user full administrator rights to:

  • Access and use the Rule Execution Server console to populate the database schema

  • Deploy, browse, and modify RuleApps

  • Monitor the decision history, purge and back up the history

  • Run diagnostics and view server information

 resAdmin/resAdmin+0
resDeployers
Gives a user the rights to:

  • Deploy, browse, and modify RuleApps

  • Test rulesets

 resDeployer/resDeployer+0
resMonitors
Gives a user the rights to:

  • View RuleApps

  • Monitor decision history and access Decision Center reports

 resMonitor/resMonitor+0
Note: In JBoss, passwords must have at least one digit and one non-alphanumeric symbol.
You can map users to roles by editing application-roles.properties in either <JBOSS_HOME>/standalone/configuration/ or <JBOSS_HOME>/domain/configuration/ depending on your operating mode. For example, you declare a user for each of the standard roles as follows:
resAdmin=resAdministrators
resDeployer=resDeployers
resMonitor=resMonitors
You can add user/password combinations and map them to roles at the same time:
  1. Open a command prompt in the <JBOSS_HOME>/bin directory.
  2. Enter the script ./add-user[.sh|.bat] -a <username> <password>
Here are examples based on the users listed in the table above:
  • ./add-user[.sh|.bat] -a -u resAdmin -p resAdmin+0 -ro "resAdministrators"
  • ./add-user[.sh|.bat] -a -u resDeployer -p resDeployer+0 -ro "resDeployers"
  • ./add-user[.sh|.bat] -a -u resMonitor -p resMonitor+0 -ro "resMonitors"