If you use the username not-a-DEadmin in IBM BPM 8.5.5, you cannot open the Administration Console for Content Platform Engine. The URL is https://<hostname>:<port>/acce.
You get this message in your browser:
Error Page Exception
SRVE0260E: The server cannot use the error page specified for your application to handle the Original Exception printed below.
Original Exception:
Error Message: com.ibm.ws.security.web.WebSecurityException: AuthorizationFailed
Error Code: 403
If we open SystemOut.log for the managed node, we see this message:
WebCollaborat A SECJ0129E: Authorization failed for user vlitvinov:defaultWIMFileBasedRealm while invoking GET on default_host:/acce/, Authorization failed, Not granted any of the required roles: DOC_STORE_ADMIN_USERS
So you must give your user the role DOC_STORE_ADMIN_USERS. To do this:
1. Open ISC (Integrated Solutions Console).
2. Applications > WebSphere enterprise applications > IBM_BPM_DocStoreAdmin_<Clustername> > Security role to user/group mapping
3. Map the role DOC_STORE_ADMIN_USERS to your user.
4. Save the configuration, synchronize the nodes and restart the application.
Or you can use wsadmin commands, for example:
./wsadmin.sh -host localhost -port 8879 -lang jython -username wasadmin -password wasadmin
wsadmin>AdminApp.edit('IBM_BPM_DocStoreAdmin_BPMAPC.SingleCluster', '[ -MapRolesToUsers [[DOC_STORE_ADMIN_USERS AppDeploymentOption.No AppDeploymentOption.No "vlitvinov|bpmadmin" "" AppDeploymentOption.No "" "" ]]]' )
wsadmin>AdminConfig.save()
wsadmin>quit
After the commands, synchronize the nodes and restart the application.
Then you will be able to open the Administration Console for Content Platform Engine.
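To see which users are being denied and which role each one lacks before changing any mapping, the SECJ0129E lines in SystemOut.log can be summarized with a short script. This is an added example, not part of the original post or of IBM's tooling; the timestamps, thread ids and the user jdoe in the sample log are constructed, and the parser assumes that multiple required roles are separated by spaces.

```python
import re
from collections import defaultdict

# Layout follows the SECJ0129E line quoted in the post. Assumption: when more
# than one role is required, the role names are separated by whitespace.
SECJ0129E = re.compile(
    r"SECJ0129E: Authorization failed for user (?P<user>.+?):(?P<realm>\S+) "
    r"while invoking (?P<method>\S+) on (?P<vhost>[^:\s]+):(?P<uri>\S+?), "
    r".*?Not granted any of the required roles: (?P<roles>.+?)\s*$"
)

# Constructed sample: only the SECJ0129E text for vlitvinov comes from the post.
SAMPLE_LOG = """\
[1/1/15 10:00:00:000 UTC] 00000001 WebCollaborat A   SECJ0129E: Authorization failed for user vlitvinov:defaultWIMFileBasedRealm while invoking GET on default_host:/acce/, Authorization failed, Not granted any of the required roles: DOC_STORE_ADMIN_USERS
[1/1/15 10:00:05:000 UTC] 00000001 ExampleComp   I   constructed unrelated message
[1/1/15 10:01:00:000 UTC] 00000002 WebCollaborat A   SECJ0129E: Authorization failed for user jdoe:defaultWIMFileBasedRealm while invoking GET on default_host:/acce/, Authorization failed, Not granted any of the required roles: DOC_STORE_ADMIN_USERS
"""

def parse_denial(line):
    """Return the fields of one SECJ0129E line, or None for any other line."""
    m = SECJ0129E.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["roles"] = rec["roles"].split()
    return rec

def missing_roles(lines):
    """Map user -> {missing role: sorted URIs that were denied}."""
    summary = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_denial(line)
        if rec is None:
            continue
        for role in rec["roles"]:
            summary[rec["user"]][role].add(rec["uri"])
    return {user: {role: sorted(uris) for role, uris in roles.items()}
            for user, roles in summary.items()}

if __name__ == "__main__":
    for user, roles in missing_roles(SAMPLE_LOG.splitlines()).items():
        for role, uris in roles.items():
            print("%s lacks %s for %s" % (user, role, ", ".join(uris)))
```

The summary shows every account that hit the 403, so the DOC_STORE_ADMIN_USERS mapping can be limited to the users who are meant to administer Content Platform Engine.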