This is a script that can be used to set the security on all the IBM Connections applications, with a text file as configuration source. I personally find setting the security on the applicaiton in Connections a very tedious and error-prone job. This script setApplicationSecurity2.py
makes it a lot easier.
The version of the script is for Connections 4.0 and Connections 4.5

To use

edit the file appsecurity.connections.txt , with the Application security settings you want to apply.
The syntax used here is :

{applicationname).{role}={type}.{name}

So for instance, for the Homepage application, you could set this :

Homepage.admin=group.connections-admins  
Homepage.admin=group.homepage-admins  
Homepage.admin=user.wasadmin

These lines will assign the groups connections-admins and homepage-admins to the admin role, as well as the wasadmin user. You can insert multiple lines per Application/role. The groups/users need to exist in your LDAP (or FileBasedRepository).
Additionally, these lines

Homepage.everyone=special.Everyone  
Homepage.person=special.AllAuthenticated  
Homepage.reader=special.AllAuthenticated

assign the “All Authenticated users” and the “Everyone” special subjects to the roles everyone, person and reader.

Comment out the lines you don’t want to set .
The file is here , it’s been updated to also contain Common, WidgetContainer and Mobile Administration :appsecurity.txt.connections

Run the Jython file :

  • go to the bin directory of the Deployment Manager

  • run the script , with the full path to the property file as argument :
    (on Linux)

    ./wsadmin.sh -lang jython -username -password -f setApplicationSecurity2.py appsecurity.connections.txt

(on Windows)

wsadmin.bat -lang jython -username -password -f setApplicationSecurity2.py appsecurity.connections.txt

Output looks like this (this is for the out-of-the box ivtApp that I used for testing :

./wsadmin.sh -lang jython -username wpadmin -password PW -f /tmp/setApplicationSecurity2.py /tmp/appsecurity.txt  
WASX7209I: Connected to process "dmgr" on node dmgr8Node using SOAP connector; The type of process is: DeploymentManager  
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[/tmp/appsecurity.txt]"  
\\\\\\\\\\\\\\\\\\\  
Starting with /tmp/appsecurity.txt  
ivtApp.All Role=special.AllAuthenticated  
ivtApp.All Role=user.testuser  
ivtApp.All Role=group.testgroup  
ivtApp.All Role=group.testgroup2  
ivtApp.Everyone Role=special.Everyone  
ivtApp.Everyone Role=user.testuser2  
ivtApp.Everyone Role=user.testuser45  
ivtApp.DenyAllRole=  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
AppName: ivtApp Role: Everyone Role  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
[-MapRolesToUsers [[ "Everyone Role" yes no "|testuser45" "" "" "" "" ]]]  
ADMA5075I: Editing of application ivtApp started.  
ADMA5058I: Application and module versions are validated with versions of deployment targets.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5113I: Activation plan created successfully.  
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.  
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
AppName: ivtApp Role: All Role  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
[-MapRolesToUsers [[ "All Role" no yes "testuser" "testgroup|testgroup2" "" "" "" ]]]  
ADMA5075I: Editing of application ivtApp started.  
ADMA5058I: Application and module versions are validated with versions of deployment targets.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5113I: Activation plan created successfully.  
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.  
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
AppName: ivtApp Role: DenyAllRole  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
[-MapRolesToUsers [[ "DenyAllRole" no no "" "" "" "" "" ]]]  
ADMA5075I: Editing of application ivtApp started.  
ADMA5058I: Application and module versions are validated with versions of deployment targets.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5005I: The application ivtApp is configured in the WebSphere Application Server repository.  
ADMA5113I: Activation plan created successfully.  
ADMA5011I: The cleanup of the temp directory for application ivtApp is complete.  
ADMA5076I: Application ivtApp edited successfully. The application or its web modules may require a restart when a save is performed.  
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\  
\\\\\\\ DONE \\\\\\\\\  
Please sync the nodes and wait for the changes to be applied in the applications ...