How To
Summary
This technote describes the steps how to add new user for Dynamic Workload Console V9.5 and Tivoli Workload Scheduler V9.5, so the new Dynamic Workload Console user can access MDM engine with different user permission.
Steps
1) Added a new user in Dynamic Workload Console V9.5:
Add user name and password in Dynamic Workload Console installation folder/configDropins/overrides/authentication_config.xml, for example, new user name is testuser, modify xml file as following:
<server description="basicRealm">
<!-- Declare what basic Registry group has to be used with DWC Administator role -->
<variable name="admin.group.name" value="Admins"/>
<jndiEntry value="${admin.group.name}" jndiName="admin.group.name" />
<!-- Assign 'admin' to Administrator -->
<administrator-role>
<group>${admin.group.name}</group>
</administrator-role>
<basicRegistry id="basic" realm="TWSRealm">
<!-- DO NOT DELETE -->
<user name="${user.twsuser.id}" password="${user.twsuser.password}"/>
<!-- END DO NOT DELETE -->
<group name="${admin.group.name}">
<member name="${user.twsuser.id}"/>
</group>
<user name="testuser" password="testuser"/>
</basicRegistry>
</server>
2) In Dynamic Workload Console, grant new user as administrator role, so it can use manage server engine and create server engine;
3) In MDM Websphere Liberty, add a new user, for example twsuser95:
Modifying authentication_config.xml under MDM installation path, for example: C:\Program Files\wa\server\usr\servers\engineServer\configDropins\overrides\authentication_config.xml, modified xml file look as following:
<server description="basicRealm">
<basicRegistry id="basic" realm="TWSRealm">
<user name="${user.twsuser.id}" password="${user.twsuser.password}"/>
<user name="twsuser95" password="d4rkNess"/>
</basicRegistry>
</server>
4) Use dumpsec and makesec to add new MDM user into access list, for example, after add the new MDM user twsuser95 into access list, security file looks as following:
USER FULLCONTROLOFALLFOLDERS
CPU=@+LOGON=Administrator,wauser,twsuser1,twsuser95
BEGIN
JOB CPU=@+FOLDER="/" ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
SCHEDULE FOLDER="/" ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
FOLDER NAME="/" ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
CONTINUE
USER FULLCONTROLOFALLOBJECTS
CPU=@+LOGON=Administrator,wauser,twsuser95
BEGIN
USEROBJ CPU=@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,ALTPASS,LIST,UNLOCK
JOB CPU=@+NAME=@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
SCHEDULE CPU=@+NAME=@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK
RESOURCE CPU=@+NAME=@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
.
.
.
.
Document Location
Worldwide
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"ARM Category":[{"code":"a8m50000000KzAMAA0","label":"Components->DWC"}],"ARM Case Number":"TS003931828","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.5.0"}]
Was this topic helpful?
Document Information
Modified date:
11 February 2021
UID
ibm16368597