Setting up role-based security in Web Studio  Administering organizations

Chapter 2: Managing Web Studio Security

Configuring domains

Enterprise Portal supports the creation of multiple security domains, which enables system administrators to define multiple domains within an enterprise, each with its own security policy. Domain managers can configure a set of properties (for example, to enable auditing or password validation) independent of other domains. Domain-specific properties are stored in the security Access Control Database (ACDB).

You can modify domain values using the integrated Web Studio–Enterprise Security interface. Other security properties can be configured for your entire security system, rather than for a specific domain; these global properties are stored in the security.properties file.

The Enterprise Security installation creates a default domain—which contains the root organization—and an associated security policy. If you create suborganizations, you can choose whether to create them in the default domain or in a new domain.

For more information about setting up additional domains, see the Enterprise Security Administration Guide, Chapter 4, “Delegated Administration.”

StepsConfiguring domains

  1. To access Web Studio, enter the following URL in your Internet Explorer browser:

    http://HOSTNAME.PORTALDOMAIN:httplistenerport/onepage/index.html

    For example, if your machine name is “tahiti”, your portal domain is “sybase.com,” and you are using the default HTTP listener port, enter: 

    http://tahiti.sybase.com:8080/onepage/index.html

  2. When the Web Studio Login window displays, enter the PSO user name (pso) and password (123qwe).

  3. Select Configure | Domains. The default domain contains only one domain role for the Domain Security Officer—by default, the PSO user in the default organization—who has all the initial access rights assigned to manage the security domain and organization.

    Enterprise Security also creates the domain assets listed in Table 2-1:

    Table 2-1: Security domain assets

    Predefined domain assets

    Controls access to

    SYBDOMAIN_DefaultDomain_AccessAssetTypeCtrlAsset

    Access types and asset types

    SYBDOMAIN_DefaultDomain_AssetCtrlAsset

    Assets

    SYBDOMAIN_DefaultDomain_DomainCtrlAsset

    The Domain

    SYBDOMAIN_DefaultDomain_GroupCtrlAsset

    Groups

    SYBDOMAIN_DefaultDomain_OrgCtrlAsset

    Organizations

    SYBDOMAIN_DefaultDomain_RoleCtrlAsset

    Roles

    SYBDOMAIN_DefaultDomain_SubjectCtrlAsset

    Subjects

  4. Right-click each asset in the detail pane and select Manage Access Permission. When the Manage Access Permission on Asset window appears, you can see at the bottom that the PSO has all rights for each domain asset, which allows the PSO to set up the initial security for your enterprise.

    NoteThe PSO can work only with the security domain and organization. To use the Web Studio’s Build, Automate, and Manage options, you must create a new user and assign him the StudioAdmin role. See the Enterprise Security Administration Guide.




Copyright © 2004. Sybase Inc. All rights reserved. Administering organizations

View this book as PDF