6.6 UC-ADM-02: Manage security profiles


In this use case, we describe a simple security management scenario. In 5.5.2, "Testing externalized authorization" on page 210, we externalized the YourCo financial pages to TAM. In this demonstration, we continue and show how to remove the permission to view the Customer Support page from anonymous portal users, in other words, users who have not logged in to the site. See Appendix A, "Access Control Model in WebSphere Portal V5" on page 249 for more information. The full use case details can be found in "Administration use case details" on page 19.

6.6.1 Use case demonstration

The actor in this use case may be the Portal Administrator, the Access Manager Administrator, a dedicated User Accounts Administrator, or any person to whom the duties have been delegated (and who has the appropriate permissions in the system). To demonstrate this use case, we go to the Portal guest welcome page. Click the YourCo Financial link and verify that the page appears as in Figure 6-16 with a subpage called Customer Support.

Figure 6-16: YourCo Financial anonymous user page

The next step is to check the access settings for the Customer Support page in TAM. First, we find the TAM object for that page. We invoke pdadmin and run the following command; the list should appear as in Figure 6-17 on page 245.

Figure 6-17: TAM object space

    object list /WPS 

The object we require is called /WPS/User@CONTENT_NODE_yourCo.CustomerSupportPage_6_0_6E. The next step is to display the TAM details on this page, including the acl, by running the following command. The results should appear as in Figure 6-18 on page 246. They show which users and groups have access to this resource. We are interested in Unauthenticated and Any-other. Unauthenticated refers to the default WebSphere Portal Server group Anonymous portal users, who are users who have not logged in. Any-other refers to the WebSphere Portal Server group All Authenticated Users, which is the default for all logged-in users.

Figure 6-18: Displaying acl details

    object show /WPS/User@CONTENT_NODE_yourCo.CustomerSupportPage_6_0_6E/WPS/WebSphere_Portal/<nodename>

The next step is to remove the Unauthenticated group from this resource in TAM. Run the following command and you should see a response as in Figure 6-19 on page 247. You will also see that Unauthenticated is removed from the acl for this page.

Figure 6-19: Removing Unauthenticated group from acl

    acl modify WPS_User-CONTENT_NODE_yourCo-CustomerSupportPage_6_0_6E remove unauthenticated

Lastly, we have to wait approximately 30 seconds for the WebSphere Portal Server cache to time out; we then retrace our steps and view the guest YourCo Financial page. The Customer Support page should no longer be visible, as shown in Figure 6-20.

Figure 6-20: YourCo Financial page with updated acl
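
A check for the result of the `acl modify` step, as an added example that is not from the Redbook: the script parses `acl show` text and reports whether an Unauthenticated entry remains. The sample ACL text, its user name and its permission strings are constructed, the `Entries:` layout is an assumption about pdadmin output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit pdadmin "acl show" text for anonymous access.
# Sample ACLs are constructed; the "Entries:" layout is an assumed output format.

ACL=WPS_User-CONTENT_NODE_yourCo-CustomerSupportPage_6_0_6E

sample_before() {   # constructed: state before "acl modify ... remove unauthenticated"
cat <<EOF
ACL Name: $ACL
Description: constructed sample
Entries:
    User wpsadmin T[WPS]m
    Any-other T[WPS]m
    Unauthenticated T[WPS]m
EOF
}

sample_after() {    # constructed: state after the entry is removed
    sample_before | grep -v 'Unauthenticated'
}

# Print "<type> <permissions>" for every Unauthenticated or Any-other entry.
acl_public_entries() {
    awk '
        /^[ \t]*Entries:/ { in_entries = 1; next }
        in_entries && NF >= 2 {
            kind = tolower($1)
            if (kind == "unauthenticated" || kind == "any-other") print kind, $2
        }'
}

# Succeed only when the ACL text on stdin has no Unauthenticated entry.
acl_blocks_anonymous() {
    ! acl_public_entries | grep '^unauthenticated ' >/dev/null
}

for state in before after; do
    if "sample_$state" | acl_blocks_anonymous; then
        echo "$state: no Unauthenticated entry on $ACL"
    else
        echo "$state: Unauthenticated entry still present:"
        "sample_$state" | acl_public_entries | sed 's/^/    /'
    fi
done
```

Against a live policy server, pipe the output of pdadmin's `acl show` for the same ACL name into `acl_blocks_anonymous` instead of the constructed samples.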

A Secure Portal Using Websphere Portal V5 and Tivoli Access Manager V4.1
ISBN: 073849853X
EAN: 2147483647
Year: 2003
Pages: 73
Authors: IBM Redbooks
