Go Premium for a chance to win a PS4. Enter to Win


User Application Access on Websphere V7.0

Published on
9,572 Points
1 Endorsement
Last Modified:
This exercise is about for the following scenario:
Dmgr and One node with 2 application server.
Each application server contains it owns application.

Application server name as follows

server1 contains app1
server2 contains app1

1) You need to setup websphere global security with LDAP registry or Federated repository
2) You need to create two users on LDAP ( for example user1 and user2)

Requirement: WAS 7.0 and LDAP or you can also use federated repository ( file based  repository comes as a default security with WAS7.0)

The objective of this article is access for one user for a particular application server with in cell but limiting their access to other application server and applications. This article helps where you have application owner want to maintain their own app.

This can achieve this by configuring through the use of Administrative Authorization Groups. These groups map specific scopes or objects to console users and roles, thus allowing those users that role access to those specific objects.

Steps for configuring Fine Grained Adminstrative Security via  Administrative Authorization Groups

  1. In the administrative console, under Users and Groups, click Administrative user roles.
      Click ADD
  2. Under Roles, scroll down and select Monitor
  3. Click on the Search button it display all users from our LDAP
  4. Select user1 and user2.  Click the right arrow to move them to the Mapped to role list.
  5. In the administrative console, click Administrative authorization groups under Security
  6. Click New to create a new Administrative authorization group
  7. Enter User1ROLE Under Resources select all scope and Expand all of the entries and the
     sub-entries Under Business-level Applications and applications select the APP1
  8. (Under Nodes) Expand your node -- select server1
  9. Save the change and sync the node with dmgr.
10. In the administrative console, click Administrative authorization groups > Administrative user roles
11. Click Add to map the console user to the administrative authorization group.
      Select the Administrator Role, then click Search button it display all user from our LDAP  
12. Select user1 click the right arrow to move them to the Mapped to role list
13. Save the change and sync the node with dmgr.
14. Repeat step6 to step 11 for user2ROLE ( make sure select APP2 and Server2)
15. Select user2 click the right arrow to move them to the Mapped to role list
16. Login as user1 and user2. Once logged in, browse through various parts of the console.
      Notice that the user1 and user2 users has monitor rights to most areas.

For example Expand Applications > Application Types > Enterpise applications to verify that user user1 only has administrative authority on the APP1
1 Comment

Author Comment

Thank you very much

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Join & Write a Comment

This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month