6.6 UC-ADM-02: Manage security profiles

Previous page
Table of content
Next page

  < Day Day Up > 


6.6 UC-ADM-02: Manage security profiles

In this use case, we describe a simple security management scenario. In 5.5.2, "Testing externalized authorization" on page 210, we externalized the YourCo financial pages to TAM. In this demonstration, we continue and show how to remove the permission to view the Customer Support page from anonymous portal users, in other words, users who have not logged in to the site. See Appendix A, "Access Control Model in WebSphere Portal V5" on page 249 for more information. The full use case details can be found in "Administration use case details" on page 19.

6.6.1 Use case demonstration

This may be the Portal Administrator, the Access manager Administrator, a dedicated User Accounts Administrator or any person to whom the duties have been delegated (and has the appropriate permissions in the system). To demonstrate this use case, we go to the Portal guest welcome page. Click the YourCo Financial link and verify that the page appears as in Figure 6-16 with a subpage called Customer Support.

click to expand
Figure 6-16: YourCo Financial anonymous user page

The next step is to check the access settings for the Customer Support page in TAM. First, we find the TAM object for that page. We invoke pdadmin and run the following command; the list should appear as in Figure 6-17 on page 245.

click to expand
Figure 6-17: TAM object space 

    object list /WPS

The object we require is called /WPS/User@CONTENT_NODE_yourCo.CustomerSupportPage_6_0_6E. The next step is to display the TAM details on this page, including the acl, by running the following command. The results should appear as in Figure 6-18 on page 246. They show which users and groups have access to this resource. We are interested in Unauthenticated and Any-other. Unauthenticated refers to the default WebSphere Portal Server group Anonymous portal users, who are users who have not logged in. Any-other refers to the WebSphere Portal Server group All Authenticated Users, which is the default for all logged-in users.

click to expand
Figure 6-18: Displaying acl details 

    object show    /WPS/User@CONTENT_NODE_yourCo.CustomerSupportPage_6_0_6E/WPS/WebSphere_Port    al/<nodename>

The next step is to remove the Unauthenticated group from this resource in TAM. Run the following command and you should see a response as in Figure 6-19 on page 247. You will also see that Unauthenticated is removed from the acl for this page.

click to expand
Figure 6-19: Removing Unauthenticated group from acl 

    acl modify WPS_User-CONTENT_NODE_yourCo-CustomerSupportPage_6_0_6E remove    unauthenticated

Lastly, we have to wait approximately 30 seconds for the WebSphere Portal Server cache to time out; we then retrace our steps and view the guest YourCo financial page. The Customer Support page should not be visible anymore, as shown in Figure 6-20.

click to expand
Figure 6-20: YourCo Financial page with updated acl


 < Day Day Up > 


Previous page
Table of content
Next page
Secure Portal. Using Websphere Portal V5 and Tivoli Access Manager V4. 1
A Secure Portal Using Websphere Portal V5 and Tivoli Access Manager V4.1
ISBN: 073849853X
EAN: 2147483647
Year: 2003
Pages: 73
Authors: IBM Redbooks
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
SQL Hacks
Programming Microsoft ASP.NET 3.5
GO! with Microsoft Office 2003 Brief (2nd Edition)
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
Programming .Net Windows Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy