Set the application security on the Connections applications (updated)
This is a script that can be used to set the security on all the IBM Connections applications, with a text file as configuration source. I personally find setting the security on the application in Connections a very tedious and error-prone job. The script, setApplicationSecurity2.py, makes it a lot easier.
This version of the script is for Connections 4.0 and Connections 4.5.
To use
Edit the file appsecurity.connections.txt with the application security settings you want to apply.
The syntax used here is:
{applicationname}.{role}={type}.{name}
So for instance, for the Homepage application, you could set this :
Homepage.admin=group.connections-admins
Homepage.admin=group.homepage-admins
Homepage.admin=user.wasadmin
These lines will assign the groups connections-admins and homepage-admins to the admin role, as well as the wasadmin user. You can insert multiple lines per Application/role. The groups/users need to exist in your LDAP (or FileBasedRepository).
Additionally, these lines
Homepage.everyone=special.Everyone
Homepage.person=special.AllAuthenticated
Homepage.reader=special.AllAuthenticated
assign the “All Authenticated users” and the “Everyone” special subjects to the roles everyone, person and reader.
Comment out the lines you don’t want to set.
The file is here; it’s been updated to also contain Common, WidgetContainer and Mobile Administration: appsecurity.txt.connections
Run the Jython file:
- go to the bin directory of the Deployment Manager
- run the script, with the full path to the property file as argument:
(on Linux)
./wsadmin.sh -lang jython -username -password -f setApplicationSecurity2.py appsecurity.connections.txt
(on Windows)
wsadmin.bat -lang jython -username -password -f setApplicationSecurity2.py appsecurity.connections.txt
Output looks like this (this is for the out-of-the-box ivtApp that I used for testing):
./wsadmin.sh -lang jython -username wpadmin -password PW -f /tmp/setApplicationSecurity2.py /tmp/appsecurity.txt
WASX7209I: Connected to process "dmgr" on node dmgr8Node using SOAP connector; The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[/tmp/appsecurity.txt]"
\\\\\\\\\\\\\\\\\\\
Starting with /tmp/appsecurity.txt
ivtApp.All Role=special.AllAuthenticated
ivtApp.All Role=user.testuser
ivtApp.All Role=group.testgroup
ivtApp.All Role=group.testgroup2
ivtApp.Everyone Role=special.Everyone
ivtApp.Everyone Role=user.testuser2
ivtApp.Everyone Role=user.testuser45
ivtApp.DenyAllRole=
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
AppName: ivtApp Role: Everyone Role
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[-MapRolesToUsers [[ "Everyone Role" yes no "|testuser45" "" "" "" "" ]]]
ADMA5075I: Editing of application ivtApp started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5113I: Activation plan created successfully.
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
AppName: ivtApp Role: All Role
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[-MapRolesToUsers [[ "All Role" no yes "testuser" "testgroup|testgroup2" "" "" "" ]]]
ADMA5075I: Editing of application ivtApp started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5113I: Activation plan created successfully.
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
AppName: ivtApp Role: DenyAllRole
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[-MapRolesToUsers [[ "DenyAllRole" no no "" "" "" "" "" ]]]
ADMA5075I: Editing of application ivtApp started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.
ADMA5113I: Activation plan created successfully.
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\ DONE \\\\\\\\\
Please sync the nodes and wait for the changes to be applied in the applications ...
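A pre-flight check for the mapping file, added here as an example (it is not setApplicationSecurity2.py and not code from the original post): it parses the {applicationname}.{role}={type}.{name} lines, reports mistyped subjects, flags privileged roles opened to a special subject, and renders each role in the row layout seen in the output above. The '#' comment marker, the list of privileged role names, the DemoApp application and all function names are assumptions made for this example.

```python
SPECIAL = {"Everyone": "everyone", "AllAuthenticated": "allauth"}
PRIVILEGED_ROLES = ("admin",)  # assumption: roles that must not go to special subjects

def parse_mappings(text):
    """Parse {app}.{role}={type}.{name} lines into ({(app, role): entry}, [(line_no, error)])."""
    mappings, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' comments a line out
            continue
        key, eq, value = (part.strip() for part in line.partition("="))
        app, dot, role = (part.strip() for part in key.partition("."))  # roles may contain spaces
        if not (eq and dot and app and role):
            errors.append((n, "expected {app}.{role}={type}.{name}"))
            continue
        entry = mappings.setdefault(
            (app, role), {"everyone": False, "allauth": False, "users": [], "groups": []})
        kind, _, name = value.partition(".")
        if kind == "special" and name in SPECIAL:
            entry[SPECIAL[name]] = True
        elif kind in ("user", "group") and name:
            entry[kind + "s"].append(name)
        elif value:  # an empty value ("app.role=") maps the role to nobody
            errors.append((n, "unknown subject %r" % value))
    return mappings, errors

def map_roles_row(role, e):  # one row, laid out as in the wsadmin output on this page
    yn = lambda flag: "yes" if flag else "no"
    return '[ "%s" %s %s "%s" "%s" "" "" "" ]' % (
        role, yn(e["everyone"]), yn(e["allauth"]), "|".join(e["users"]), "|".join(e["groups"]))

def open_privileged_roles(mappings):
    """Return (app, role) keys where a privileged role is granted to a special subject."""
    return [key for key, e in mappings.items()
            if key[1] in PRIVILEGED_ROLES and (e["everyone"] or e["allauth"])]

# Constructed sample: lines from the page, one typo, one over-broad admin grant.
SAMPLE = """\
Homepage.admin=group.connections-admins
Homepage.person=speical.AllAuthenticated
ivtApp.All Role=special.AllAuthenticated
ivtApp.All Role=user.testuser
ivtApp.All Role=group.testgroup
ivtApp.All Role=group.testgroup2
DemoApp.admin=special.Everyone
"""

if __name__ == "__main__":
    print(parse_mappings(SAMPLE)[1], open_privileged_roles(parse_mappings(SAMPLE)[0]))
```

Running the check before wsadmin catches a mistyped subject type, which would otherwise leave the role without the intended subject, and an admin role opened to Everyone, before either reaches the cell configuration.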