Configuring command access control
You can use command access control to determine which commands and features users can access. You can create a command access control file to match the specific needs of your deployment.
If you follow this procedure in a deployment that provides high availability, you must complete each step on every Liberty server in your environment before you move to the next step.
Create a command access control file.
- Navigate to the directory in the deployment toolkit that contains the example security schema: toolkit\configuration\examples\security-schema.
- Copy the example-command-access-control.xml file to the configuration\fragments\opal-services\WEB-INF\classes directory, and rename it to command-access-control.xml.
- Modify the command access control file.
- Open the command-access-control.xml file in your XSD-aware XML editor. For more information, see Setting up your XSD aware XML editor.The associated XSD file is: toolkit\scripts\xsd\CommandAccessControl.xsd.
- Use the reference information to specify the access control that your system requires.
- Save the completed file.
- Open the command-access-control.xml file in your XSD-aware XML editor. For more information, see Setting up your XSD aware XML editor.
- To set the command access control file
to be used in the deployment:
- Using a text editor, open the toolkit\configuration\fragments\opal-services\WEB-INF\classes\DiscoServerSettingsCommon.properties file.
- Specify your command access control
file as the value for the
- Save the file.
- In a command prompt, navigate to the toolkit\scripts directory.
- Stop Liberty:
setup -t stopLiberty
- Update the i2
setup -t deployLiberty
- Start Liberty:
setup -t startLiberty
After you set command access control, you can revert to the default state by ensuring that the
CommandAccessControlResource property in the toolkit\configuration\fragments\opal-services\WEB-INF\classes\DiscoServerSettingsCommon.properties has no value.