User Application Access on WebSphere V7.0

This exercise covers the following scenario:
a deployment manager (dmgr) and one node with two application servers.
Each application server hosts its own application.

The application servers are named as follows:

server1 contains app1
server2 contains app2

1) You need to set up WebSphere global security with an LDAP registry or a federated repository.
2) You need to create two users in LDAP (for example, user1 and user2).

Requirement: WAS 7.0 and LDAP, or you can use a federated repository (the file-based repository that comes as the default security with WAS 7.0).

The objective of this article is to give one user access to a particular application server within the cell while limiting that user's access to the other application servers and applications. This helps where application owners want to maintain their own applications.

You can achieve this by configuring Administrative Authorization Groups. These groups map specific scopes or objects to console users and roles, which gives those users that role only on those specific objects.

Steps for configuring Fine-Grained Administrative Security via Administrative Authorization Groups

Steps for configuring Fine Grained Adminstrative Security via  Administrative Authorization Groups

  1. In the administrative console, under Users and Groups, click Administrative user roles.
      Click Add.
  2. Under Roles, scroll down and select Monitor.
  3. Click the Search button; it displays all users from your LDAP.
  4. Select user1 and user2. Click the right arrow to move them to the Mapped to role list.
  5. In the administrative console, click Administrative authorization groups under Security.
  6. Click New to create a new Administrative authorization group.
  7. Enter User1ROLE as the name. Under Resources, select All scopes and expand all of the entries
     and sub-entries. Under Business-level Applications and Applications, select APP1.
  8. Under Nodes, expand your node and select server1.
  9. Save the change and sync the node with the dmgr.
10. In the administrative console, click Administrative authorization groups > Administrative user roles.
11. Click Add to map the console user to the administrative authorization group.
      Select the Administrator role, then click the Search button; it displays all users from your LDAP.
12. Select user1 and click the right arrow to move it to the Mapped to role list.
13. Save the change and sync the node with the dmgr.
14. Repeat step 6 to step 11 for user2ROLE (make sure you select APP2 and Server2).
15. Select user2 and click the right arrow to move it to the Mapped to role list.
16. Log in as user1 and as user2. Once logged in, browse through various parts of the console.
      Notice that user1 and user2 have Monitor rights to most areas.

For example, expand Applications > Application Types > Enterprise applications to verify that user1 has administrative authority only on APP1.
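
The console procedure above can also be scripted. The following wsadmin Jython sketch is an added example, not part of the original article: it builds the same role and authorization-group mappings with the AdminTask commands createAuthorizationGroup, mapResourceToAuthorizationGroup and mapUsersToAdminRole, and refuses to place one resource in two groups, since WebSphere allows a resource to belong to only one authorization group. The node name node1 is a placeholder, the Business-level Application entry from step 7 is not covered, and the helper names build_commands and apply_commands are hypothetical.

```python
# wsadmin Jython, run against the dmgr:  wsadmin -lang jython -f fine_grained.py
# Old-style syntax only, so it also loads under the Jython shipped with wsadmin.
NODE = "node1"  # placeholder: the article does not name the node
# (user, authorization group, application, server) from the article's scenario
SCOPES = [("user1", "User1ROLE", "app1", "server1"),
          ("user2", "user2ROLE", "app2", "server2")]

def build_commands(node, scopes):
    """Return (AdminTask command, argument string) pairs in execution order."""
    cmds = []
    owner = {}  # resource -> group; a resource may sit in only one group
    for user, group, app, server in scopes:
        # Steps 1-4: no -authorizationGroupName means the cell-level role
        cmds.append(("mapUsersToAdminRole",
                     "[-roleName monitor -userids %s]" % user))
    for user, group, app, server in scopes:
        # Steps 6-9: create the group and scope it to one app and one server
        cmds.append(("createAuthorizationGroup",
                     "[-authorizationGroupName %s]" % group))
        for res in ("Application=%s" % app,
                    "Node=%s:Server=%s" % (node, server)):
            if owner.get(res) is not None:
                raise ValueError("%s is already in group %s" % (res, owner[res]))
            owner[res] = group
            cmds.append(("mapResourceToAuthorizationGroup",
                         "[-authorizationGroupName %s -resourceName %s]"
                         % (group, res)))
        # Steps 10-12: Administrator only inside this group
        cmds.append(("mapUsersToAdminRole",
                     "[-authorizationGroupName %s -roleName administrator "
                     "-userids %s]" % (group, user)))
    return cmds

def apply_commands(admin_task, cmds):
    """Run each command through the given AdminTask object; return the count."""
    for name, args in cmds:
        getattr(admin_task, name)(args)
    return len(cmds)

try:
    _task = AdminTask  # defined only inside wsadmin
except NameError:
    _task = None
if _task is not None:
    apply_commands(_task, build_commands(NODE, SCOPES))
    AdminConfig.save()  # then sync the node, as in steps 9 and 13
```

Keeping the cell-level role at Monitor is what makes the scoping effective: the Administrator role is granted only inside each user's own authorization group.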
1 Comment

Author Comment

Thank you very much
