Using wsadmin to assign users to roles

[rfpl...@sneakemail.com]

Has anyone here ever used a wsadmin script to assign users
to application security roles? I'm looking to do the
equivalent of "Map security roles to users/groups" in
WebSphere Administrative Console for an application, but I
want to automate it.

I haven't been able to find any sample wsadmin scripts that
do it, and I'm starting to wonder if it is even possible.

Thanks,
------------------------------------------------------------
Terry Lacy "It is better to light a
Systems Analyst flamethrower than curse the
SL County IS darkness."
Terry Pratchett
------------------------------------------------------------

[Graham Ray]

Hi Terry,

Checkout the $AdminApp command in the Sys Admin Ref.

It has a MapRolesToUsers option which you can use to install an
app, or edit an existing one.

The option takes these parms;

# Role name - "role"
# Everyone - yes/no
# All Authenticated - yes/no
# Mapped users - "user1|user2"
( one/more users separated with a '|'
# Mapped groups - "group1|group2"
( one/more groups separated with a '|'

And here's a couple of samples edits. I have used a separate edit
for each role, but you can put them all in one.

$AdminApp edit myapp {-MapRolesToUsers { {"All" "yes" no "" ""}} }
$AdminApp edit myapp {-MapRolesToUsers { {"Inquiry" no yes "" ""}} }
$AdminApp edit myapp {-MapRolesToUsers { {"Entry" No no "user1|user2"
""}} }
$AdminApp edit myapp {-MapRolesToUsers { {"Admin" No no ""
"group1|group2|group3"}} }

Cheers - Graham

[Sven-Jürgen Lämke]

Hi Terry,

I don't know how many roles or applications you have, but maybe you should
take a look at the Tivoli Access manager (TAM) component TAM for websphere
application server. This component of the TAM e-business suite allows you to
migrate your secured j2ee-applications including all of the applied
security-roles and allows your LDAP-users/groups via TAM-ACLs access or no
access. This is also very usefull, if you are in a WAS Network Deployment
Environment - you get a centralized view and the central control of all of
your j2ee-apps and roles. In conjunction with the Tivoli Identity Manager
(using the TAM-agent) you are even able to set up a role based user
environment, which also can centrally manage (and synchronize passwords for
example) other (user) ressource manager like ADS, Oracle, Domino etc.

Regards

Sven

<rfpl...@sneakemail.com> schrieb im Newsbeitrag
news:1102966456.3...@c13g2000cwb.googlegroups.com...