TWS 8.3 Security and Password Management

To modify the security file, perform the following steps:

1. Navigate to the /tws_home/tws directory from where the dumpsec and makesec commands must be run.

2. Run the dumpsec command to decrypt the current security file into an editable configuration file.

a. dumpsec > tempsec.conf

Modify the contents of the editable security configuration file using the syntax below:

vi tempsec.conf
#### TWS_USER and ROOT USERS #########
#### root level access to all functions #########

#########################################

USER MAESTRO

BEGIN

USEROBJ CPU=@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,ALTPASS,UNLOCK

JOB CPU=@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST,UNLOCK

SCHEDULE CPU=@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,REPLY,SUBMIT,LIST,UNLOCK

RESOURCE CPU=@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK

PROMPT ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK

FILE NAME=@ ACCESS=BUILD,DELETE,DISPLAY,MODIFY,UNLOCK

CPU CPU=@ ACCESS=ADD,CONSOLE,DELETE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,SHUTDOWN,START,STOP,UNLINK,LIST,UNLOCK

PARAMETER CPU=@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,UNLOCK

CALENDAR ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,UNLOCK

END

### TWS VIEW ONLY ACCESS ###########

#######################################

USER VIEWER

CPU=@+LOGON=viewer

BEGIN

JOB CPU=@ ACCESS=DISPLAY,USE,LIST

SCHEDULE CPU=@ ACCESS=DISPLAY,LIST

RESOURCE CPU=@ ACCESS=DISPLAY,RESOURCE,USE,LIST

PROMPT ACCESS=DISPLAY,USE,LIST

FILE NAME=@ ACCESS=DISPLAY

CPU CPU=@ ACCESS=CONSOLE,DISPLAY,LIST

PARAMETER CPU=@ ACCESS=DISPLAY

CALENDAR ACCESS=DISPLAY,USE

END

### Default permissions for not root or tws_users####################
### Allowed to submit and all but delete - modify is required for viewing #

############################################################

USER DEFAULT

CPU=@+LOGON=@

BEGIN

JOB CPU=@ ACCESS=ADD,ADDDEP,MODIFY,CANCEL,CONFIRM,DISPLAY,KILL,RELEASE,REPLY,RERUN,SUBMIT,USE,LIST

SCHEDULE CPU=@ ACCESS=ADD,ADDDEP,MODIFY,CANCEL,DISPLAY,RELEASE,REPLY,SUBMIT,LIST

FILE NAME=@ ACCESS=BUILD,DISPLAY

CPU CPU=@ ACCESS=ADD,CONSOLE,DISPLAY,FENCE,LIMIT,LINK,START,STOP,UNLINK,LIST

PARAMETER CPU=@ ACCESS=ADD,DISPLAY

CALENDAR ACCESS=DISPLAY,USE

END
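
Before running makesec, it helps to see what any stanza that matches every logon (CPU=@+LOGON=@, as in USER DEFAULT above) grants beyond the view-only keywords used in the VIEWER stanza. The shell function below is an added example, not part of the original post; the function names and the sample input are constructed, and treating DISPLAY, USE, LIST, RESOURCE and CONSOLE as view-only is an assumption taken from the VIEWER stanza.

```shell
#!/bin/sh
# Added example: list what any stanza matching every logon (LOGON=@) grants
# beyond view-only access. Reads a dumpsec-style file from stdin or from $1,
# for example: dumpsec | tws_wildcard_grants
# Assumption: DISPLAY, USE, LIST, RESOURCE and CONSOLE count as view-only,
# taken from the VIEWER stanza shown above.
tws_wildcard_grants() {
    awk '
    BEGIN { n = split("DISPLAY USE LIST RESOURCE CONSOLE", v, " ")
            for (i = 1; i <= n; i++) viewonly[v[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
    toupper($1) == "USER" {                        # stanza header
        name = $2; attrs = ""; inbody = 0
        for (i = 3; i <= NF; i++) attrs = attrs $i
        next }
    toupper($1) == "BEGIN" {                       # attributes are complete
        inbody = 1
        wild = (toupper(attrs) ~ /LOGON=@([+,]|$)/)
        next }
    toupper($1) == "END" { inbody = 0; name = ""; next }
    !inbody && name != "" {                        # attributes on own line
        for (i = 1; i <= NF; i++) attrs = attrs $i
        next }
    inbody && wild {                               # object line, wildcard stanza
        extra = ""
        for (f = 2; f <= NF; f++) if (toupper($f) ~ /^ACCESS=/) {
            m = split(substr(toupper($f), 8), k, ",")
            for (i = 1; i <= m; i++) if (!(k[i] in viewonly))
                extra = extra (extra == "" ? "" : ",") k[i]
        }
        if (extra != "") print name, toupper($1), extra
    }' "$@"
}

# Constructed sample input (not a real security file).
sample_security_file() {
    cat <<'EOF'
# constructed sample
USER VIEWER
CPU=@+LOGON=viewer
BEGIN
JOB CPU=@ ACCESS=DISPLAY,USE,LIST
END
USER DEFAULT
CPU=@+LOGON=@
BEGIN
JOB CPU=@ ACCESS=DISPLAY,KILL,SUBMIT,LIST
CALENDAR ACCESS=DISPLAY,USE
CPU CPU=@ ACCESS=CONSOLE,DISPLAY,STOP
END
EOF
}

sample_security_file | tws_wildcard_grants
```

Each output line names the stanza, the object type, and the keywords that go beyond view-only, so the catch-all grant can be reviewed before the file is compiled.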

Then, to apply the edited tempsec.conf file:

makesec tempsec.conf

If you need to change the TWS_USER password:

vi /home/twsuserid/.TWS/useropts_twsuserid

and update the password.

vi /root/.TWS/useropts_twsuserid

and update the password in this file; it will automatically be encrypted upon restart.

cd TWS_HOME/wastools
./stopWas.sh -user twsuserid -password twspass
./showSecurityProperties.sh > tempsec
vi tempsec

Update the passwords in this temporary file under LocalOS or LDAP, depending upon the authentication in use. The j2cpassword section is for the database password.

./changeSecurityProperties.sh tempsec
./startWas.sh

Remove the tempsec file once everything is working.

Be sure to update the database password for the TWS_USER as well if you have a DB2 or Oracle backend.
