Domains, groups, and users - IBM Websphere

Next, we explain domains, groups,and users.


A number of appliance-wide resources and settings can be defined only in the default domain,such as network interfaces, users, access controls, and application domains.After any user enters an application domain,either through logging in or switching domains,that user can no longer access appliance-wide resources. When viewed from the main navigation area, these resources are disabled.The default domain cannot be deleted.

Users can be assigned to specific application domains to allow for greater administrative control.Users, who are restricted to specific application domains, can perform activities in only those application domains(provided that the user has the appropriate access controls).Services defined in one application domain cannot be shared with another application domain.

Application domains can be restarted independently without affecting any other domain and without requiring a restart of the entire appliance. When a domain is restarted,the persisted configuration file for that domain is used, which might change the running configuration of the domain.

To create an application domain, use the following procedure:

  1. Select Administration Configuration Application Domain to display the Application Domain
  2. Click Add to display the Configure Application Domain window.
  3. Specify the name in the Name field.
  4. Click Apply.

Refer to the Administrators Guide for details about the creation and management of domains, groups, and users.The AdministratorGuide-v1.pdf is provided on the CD shipped with the device or it can be downloaded from the IBM WebSphere DataPower Product Documentation Portal Web page:

Specifying access control

User accounts identify local users.Each local user account is defined by a user name and password. These credentials are used to log in to the DataPower appliance and to apply the appropriate access profile to the user account.

Creating user groups
A user group represents a collection of users who perform similar tasks and require the same level of access to the appliance.User groups are assigned privileges to DataPower resources. Each privilege is known individually as an access policy. A collection of policies is known as an access profile in DataPower terminology.

Related trading partner user accounts can be combined into one user group, which shares the same access profile.The B2B Transaction Viewer is a useful utility for checking message flow and troubleshooting when there are problems.The Transaction Viewer access can be defined at an extremely detailed level for thespecific needs of external trading partners.

Creating user accounts
Only the admin user,when in the default domain,or a member of the sysadmin group with the correct access policy can manage user accounts.The best practice is to create new local users with the New User Account utility, because this utility defines a user who is a member of a group.

To create a user account, select Administration Access New User Account.The wizard prompts for the following information:

  1. Restrict this user to a domain (Yes).
  2. If Yes, select the domain to which to restrict this user. (If the domain does not exist, you can create it from the restrict user view.)
  3. Domain Account Type. Enter the name of the group or create a new group.
  4. Name of user account.
  5. Summary describing the user account (optional).
  6. Password and confirmed password for the user account.
  7. Click Commit.
  8. Optionally, click Save Config to save the object to the startup configuration.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status

IBM Websphere Topics