

User Application Access on WebSphere V7.0

This exercise covers the following scenario:
A dmgr and one node with 2 application servers.
Each application server contains its own application.

The application servers are named as follows:

server1 contains app1
server2 contains app2

1) You need to set up WebSphere global security with an LDAP registry or a federated repository.
2) You need to create two users in LDAP (for example, user1 and user2).

Requirement: WAS 7.0 and LDAP, or you can use the federated repository (the file-based repository that comes as the default security with WAS 7.0).

The objective of this article is to give one user access to a particular application server within the cell while limiting their access to the other application servers and applications. This helps where application owners want to maintain their own applications.

You can achieve this by configuring administrative authorization groups. These groups map specific scopes or objects to console users and roles, giving those users that role's access to those specific objects.

Steps for configuring fine-grained administrative security via administrative authorization groups

  1. In the administrative console, under Users and Groups, click Administrative user roles.
      Click Add.
  2. Under Roles, scroll down and select Monitor.
  3. Click the Search button; it displays all users from our LDAP.
  4. Select user1 and user2. Click the right arrow to move them to the Mapped to role list.
  5. In the administrative console, click Administrative authorization groups under Security.
  6. Click New to create a new administrative authorization group.
  7. Enter User1ROLE as the name. Under Resources, select all scope and expand all of the entries and
     sub-entries. Under Business-level Applications and Applications, select APP1.
  8. Under Nodes, expand your node and select server1.
  9. Save the change and sync the node with the dmgr.
10. In the administrative console, click Administrative authorization groups > Administrative user roles.
11. Click Add to map the console user to the administrative authorization group.
      Select the Administrator role, then click the Search button; it displays all users from our LDAP.
12. Select user1 and click the right arrow to move it to the Mapped to role list.
13. Save the change and sync the node with the dmgr.
14. Repeat step 6 to step 11 for user2ROLE (make sure to select APP2 and server2).
15. Select user2 and click the right arrow to move it to the Mapped to role list.
16. Log in as user1 and as user2. Once logged in, browse through various parts of the console.
      Notice that user1 and user2 have monitor rights to most areas.

For example, expand Applications > Application Types > Enterprise applications to verify that user1 only has administrative authority on APP1.
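The console steps above can also be scripted with wsadmin so the mapping is repeatable and reviewable. The following is an added example, not part of the original article. It assumes a node named node01 (a placeholder), that APP1 and APP2 are the exact installed application names, and it leaves out the Business-level Application entries from step 7.

```python
# Added example, not from the original article. Jython 2.1-compatible syntax, so it
# runs under "wsadmin -lang jython -f <file>" on the dmgr; outside wsadmin it only
# builds and validates the list of calls.
# ASSUMPTIONS: node name 'node01' is a placeholder; app/server pairs follow the scenario.
ASSIGNMENTS = [
    # (authorization group, node, server, application, user)
    ('User1ROLE', 'node01', 'server1', 'APP1', 'user1'),
    ('user2ROLE', 'node01', 'server2', 'APP2', 'user2'),
]

def resources(node, server, app):
    """Resource names in the ResourceType=ResourceName form AdminTask expects."""
    return ['Application=%s' % app, 'Node=%s:Server=%s' % (node, server)]

def check_isolation(assignments):
    """A resource can belong to only one authorization group; reject overlaps early."""
    owner = {}
    for group, node, server, app, user in assignments:
        for res in resources(node, server, app):
            prev = owner.get(res)
            if prev is not None and prev != group:
                raise ValueError('%s is in both %s and %s' % (res, prev, group))
            owner[res] = group
    return owner

def plan(assignments):
    """Return the AdminTask calls equivalent to console steps 1-15, in order."""
    check_isolation(assignments)
    calls = []
    for group, node, server, app, user in assignments:
        # Steps 1-4: Monitor at cell level (no -authorizationGroupName = cell level)
        calls.append(('mapUsersToAdminRole', '[-roleName monitor -userids %s]' % user))
        # Step 6: create the administrative authorization group
        calls.append(('createAuthorizationGroup', '[-authorizationGroupName %s]' % group))
        # Steps 7-8: scope the group to one application and one server
        for res in resources(node, server, app):
            calls.append(('addResourceToAuthorizationGroup',
                          '[-authorizationGroupName %s -resourceName %s]' % (group, res)))
        # Steps 10-12: Administrator role, but only inside this group
        calls.append(('mapUsersToAdminRole',
                      '[-authorizationGroupName %s -roleName administrator -userids %s]'
                      % (group, user)))
    return calls

try:
    AdminTask          # defined only inside wsadmin
    in_wsadmin = 1
except NameError:
    in_wsadmin = 0

if in_wsadmin:
    for name, args in plan(ASSIGNMENTS):
        getattr(AdminTask, name)(args)
    AdminConfig.save()  # steps 9 and 13: a node sync with the dmgr must still follow
```
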
1 Comment

Author Comment

Thank you very much
