Enabling access to the Server Admin Console

The i2 Analyze Server Admin Console enables administrators to perform a range of configuration and management tasks from a web browser. The console supports different tasks through a set of apps, and you can use command access control to provide users with access to those apps as required.

Before you begin

At this version of i2 Analyze, the admin console can include the following apps:

  • i2 Connect gateway status allows users to view the status of the i2 Connect gateway, to preview the configured services, and to reload the gateway.

  • i2 Analyze type conversion allows users to create type conversion mappings between connector, gateway, and Information Store schemas.

  • User group management allows users to create, edit, and delete custom user groups, and to configure the sharing settings of all user groups.

Users who are members of system groups that have the i2:Administrator command access control permission can access all the apps in the admin console.

Users who are members of system groups that have the i2:Administrator:Groups permission can access the user group management app.

Users who are members of system groups that have the i2:Administrator:Connectors permission can access the gateway status and type conversion apps.

About this task

To enable access to the admin console for any particular user, you must ensure that they're a member of a system group that has the appropriate command access control permission. This task describes how to configure and deploy the necessary settings.

Procedure

To arrange or verify that the right groups have the right command access control permissions, follow these steps:

  1. If you have not already done so, follow the instructions in Configuring command access control to set up a command access control file in your deployment of i2 Analyze.

  2. In an XML editor, modify the command access control file:

    1. Open the file, which is conventionally named command-access-control.xml and found in the toolkit\configuration\fragments\opal-services\WEB-INF\classes directory.

    2. Check that at least one system group has the i2:Administrator permission. For example, if you have a system group named "Administrator" that should have access to all administrative functions, you might have this setting:

      <CommandAccessPermissions UserGroup="Administrator">
         <Permission Value="i2:Administrator" />
      </CommandAccessPermissions>
    3. Add the i2:Administrator:Groups permission to a system group that you want to have access to the user group management app.

      For example, if you wanted a group of senior analysts to have access, you might add the following setting:

      <CommandAccessPermissions UserGroup="SeniorAnalyst">
         ...
         <Permission Value="i2:Administrator:Groups" />
      </CommandAccessPermissions>
    4. Similarly, add the i2:Administrator:Connectors permission to a system group that you want to have access to the gateway status and type conversion apps.

  3. Save and close the file.

Then, to arrange or verify that a user is a member of one of the groups with permission to access the admin console, follow these steps:

  1. Examine the membership lists of the groups that have the administrator permissions.

    If you're using the basic Liberty user registry, you can open the file at i2\i2analyze\deploy\wlp\usr\shared\config\user.registry.xml.

  2. If necessary, add the user to the appropriate group.

    Again, if you're using the Liberty registry, you might have a user named "Jenny" who's a member of the "Administrator" system group:

    <group name="Administrator">
       ...
       <member name="Jenny"/>
    </group>

    Or a user named "Imogen" who's a member of the "SeniorAnalyst" system group:

    <group name="SeniorAnalyst">
       ...
       <member name="Imogen"/>
    </group>

Finally, if you made changes to the command-access-control.xml file above, redeploy and restart the Liberty server:

  1. At a command prompt, navigate to the toolkit\scripts directory.

  2. Run the following commands:

    setup -t deployLiberty
    setup -t startLiberty

What to do next

Verify access to the admin console by opening a web browser and navigating to <i2-Analyze-URL>/admin, where <i2-Analyze-URL> is the URL used to access your i2 Analyze deployment.

When you log in as a user who is a member of a group with the appropriate command access control permissions, you should see the apps that are available to you.

For more information about command access control, see Controlling access to features.