The EIS is any system that holds the data of an organization. It can be a mainframe, a messaging system, a database system, or an application. The connector security map is used to map the application's credentials to the EIS credentials.
A security map applies to a particular connector connection pool. One or more named security maps can be associated with a connector connection pool.
The following topics are addressed here:
Use the create-connector-security-map subcommand in remote mode to create a security map for the specified connector connection pool. If the security map is not present, a new one is created. You can specify back-end EIS principals or back-end EIS user groups. The connector security map configuration supports the use of the wild card asterisk (*) to indicate all users or all user groups.
You can also use this subcommand to map the caller identity of the application (principal or user group) to a suitable EIS principal in container-managed transaction-based scenarios.
For this subcommand to succeed, you must have first created a connector connection pool. For instructions, see To Create a Connector Connection Pool.
Ensure that the server is running.
Remote subcommands require a running server.
Create a connector security map by using the create-connector-security-map(1) subcommand.
Information about the options for the subcommand is included in this help page.
(Optional) If needed, restart the server.
Some properties require server restart. See Configuration Changes That Require Server Restart. If your server needs to be restarted, see To Restart a Domain.
This example creates a connector security map securityMap1 for connection-pool1.
asadmin> create-connector-security-map --poolname connector-pool1 --principals principal1, principal2 --mappedusername backend-username securityMap1 Command create-connector-security-map executed successfully |
Use the list-connector-security-maps subcommand in remote mode to list the existing security maps belonging to the specified connector connection pool. You can get a simple listing of the connector security maps for a connector connection pool, or you can get a more comprehensive listing that shows the principals of the map.
Ensure that the server is running.
Remote subcommands require a running server.
List existing connector connection pools by using the list-connector-connection-pools(1) subcommand.
List the security maps for a specific connector connection pool by using the list-connector-security-maps(1) subcommand.
This example lists the connector security maps associated with connector-Pool1.
asadmin> list-connector-security-maps connector-Pool1 securityMap1 Command list-connector-security-maps executed successfully. |
This example lists the principals associated with securityMap1.
asadmin> list-connector-security-maps --securitymap securityMap1 connector-Pool1 principal1 principal1 Command list-connector-security-maps executed successfully. |
This example lists the connector security maps associated with connector-Pool1.
asadmin> list-connector-security-maps --verbose connector-Pool1 securityMap1 principal1 principal1 Command list-connector-security-maps executed successfully. |
Use the update-connector-security-map subcommand in remote mode to create or modify a security map for the specified connector connection pool.
Ensure that the server is running.
Remote subcommands require a running server.
List existing connector security maps by using the list-connector-security-maps(1) subcommand.
Modify a security map for a specific connector connection pool by using the update-connector-security-map(1) subcommand.
(Optional) If needed, restart the server.
Some properties require server restart. See Configuration Changes That Require Server Restart. If your server needs to be restarted, see To Restart a Domain.
This example adds principals to securityMap1.
asadmin> update-connector-security-map --poolname connector-pool1 --addprincipals principal1, principal2 securityMap1 Command update-connector-security-map executed successfully. |
Use the delete-connector-security-map subcommand in remote mode to delete a security map for the specified connector connection pool.
Ensure that the server is running.
Remote subcommands require a running server.
List existing connector connection pools by using the list-connector-connection-pools(1) subcommand.
Delete a security map for a specific connector connection pool by using the delete-connector-security-map(1) subcommand.
Information about options for this subcommand is included in this help page.
This example deletes securityMap1 from connector-pool1.
asadmin> delete-connector-security-map --poolname connector-pool1 securityMap1 Command delete-connector-security-map executed successfully |