Access with authorization delegated to Decision Center
You configure security access for your users and delegate authorization to Decision Center.
- Establish the user registry, for example a connection to an LDAP or a basic file-based registry.
- Set the security realm to authenticate all users and delegate authorization to Decision Center.
- Create an administrative user in the user registry to complete the initial Decision Center configuration.
- rtsUser - Standard access.
- rtsConfigManager - Configuration manager access. All the rights of the standard user, and can, for example, create deployment configurations.
- rtsAdministrator - Administrator access. All the rights of the standard and configuration manager users, and can, for example, enable security and perform administrative tasks.
- rtsInstaller - Access to the Installation Settings Wizard in the Enterprise console.
After configuring security access to Decision Center, you complete the configuration of Decision Center. Then, you must create users and groups in the Decision Center database to make use of security and fine-grained permissions (see Managing users from Decision Center).
Step 1: Establish the user registry
- A registry of users from which the application server authenticates access to Decision Center.
- The Decision Center database, so that each authenticated user can receive a permission profile from Decision Center.
In the application server, you must establish this user registry.
Step 2: Set the security realm
You must set the security realm so that the application server authenticates users and delegates authorization to Decision Center.
To do so, use the special subject feature for WebSphere (see WebSphere: Authorization). Specifically, in the WebSphere Integrated Solutions Console, modify the security role so that all authenticated users have the role rtsUser.
Users from the user registry (LDAP or other) are all authenticated to log in to both Decision Center consoles, and are authorized to use the features of a basic user.
Step 3: Declare a user to complete the Decision Center configuration
You must create a user to complete the configuration of Decision Center. This user must have the rights of both rtsAdministrator and rtsInstaller.
The following table indicates the roles required for a user to complete the configuration.
Role | Use | Example group name, user/password combination |
---|---|---|
rtsAdministrator | Gives the user administrator access. | AdminGroup, rtsAdmin/rtsAdmin |
rtsInstaller | Gives the user access to the Installation Settings Wizard in the Enterprise console, to complete the configuration. | InstallGroup, rtsAdmin/rtsAdmin |
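The role mappings from Steps 2 and 3 can be checked after the fact. The following is an added example, not code from the product documentation: it audits a role binding and reports any elevated role that is granted through a special subject instead of a named group. It assumes the mappings are available as a Java EE `ibm-application-bnd.xml` file; the embedded sample is constructed, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://websphere.ibm.com/xml/ns/javaee"}
# Special subjects that grant a role without naming a user or group.
BROAD = {"EVERYONE", "ALL_AUTHENTICATED_USERS", "ALL_AUTHENTICATED_IN_TRUSTED_REALMS"}
PRIVILEGED = {"rtsConfigManager", "rtsAdministrator", "rtsInstaller"}
REQUIRED = {"rtsAdministrator", "rtsInstaller"}  # needed to finish configuration

# Constructed sample: rtsAdministrator is deliberately misbound (assumption:
# group names AdminGroup and InstallGroup, as in the table above).
SAMPLE = """<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">
  <security-role name="rtsUser">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="rtsAdministrator">
    <group name="AdminGroup"/>
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="rtsInstaller">
    <group name="InstallGroup"/>
  </security-role>
</application-bnd>
"""

def audit_bindings(xml_text):
    """Return findings (strings) for the role bindings; an empty list means OK."""
    roles = {}
    for role in ET.fromstring(xml_text).findall("b:security-role", NS):
        special = {s.get("type") for s in role.findall("b:special-subject", NS)}
        named = [e.get("name") for tag in ("group", "user")
                 for e in role.findall("b:" + tag, NS)]
        roles[role.get("name")] = (special, named)

    findings = []
    special, _ = roles.get("rtsUser", (set(), []))
    if "EVERYONE" in special:
        findings.append("rtsUser: EVERYONE admits unauthenticated callers")
    elif not special & BROAD:
        findings.append("rtsUser: not granted to all authenticated users")
    for name in sorted(PRIVILEGED):
        special, named = roles.get(name, (set(), []))
        for subject in sorted(special & BROAD):
            findings.append(f"{name}: granted to special subject {subject}")
        if name in REQUIRED and not named:
            findings.append(f"{name}: no named user or group bound")
    return findings

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(finding)
```
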