Creating or Editing a Role in the Management Section of the Console

The console access permissions that can be granted to a role are identical to those that can be granted to a user in the iSM console security scheme. There are general permissions, applicable to all iSM configurations, supplemented by read, write, and monitor permissions for each individual configuration. A realm user with a role that has been granted the same permissions as an iSM Security user should have the same level of access to console services as the iSM user.

Changes to roles do not take effect until iSM is restarted. You cannot create the Administrator role here. The Administrator role is built into the system, with the name "ism.admin". A user with the ism.admin role has full access to all iSM console services.

The iWay Service Manager offers several different types of authentication realm that can be used for console security. Security roles must be assigned to users within the realm. For more information on how to configure each type of realm and assign roles, see Realm Based Authentication and Role Based Authentication.

To enable realm-based authentication for an iSM configuration, you must specify the realm to use in the properties of that configuration, on the Servers page in the Management section of the console.

The following table lists and describes the three conditions that must be set.

Parameter

Description

Authentication Realm

Specifies the realm that will be used for console authentication for this server. Note that the realm must be configured in the server where you intend to use it. Select iSM Security for the original, user-based, security scheme.

Console Admin ID

iSM often exchanges background messages between configurations using the console service. This parameter specifies the user ID that should be sent with these internal requests. This user must be valid in the authentication realm you specify for this configuration.

Console Admin Password

The password to use with the Console Admin ID for background requests to the console service of this configuration.

The following image shows the Console Attributes pane in the iSM Administration Console.

Changes to the authentication realm of the configuration or console administration ID will not take effect until the console is restarted.

You can force iSM to revert to iSM Security by starting the server from the command line using the -u switch. This is useful to correct any problems that occur while configuring realm-based authentication.


iWay Software