Administering Connector Security Maps

The EIS is any system that holds the data of an organization. It can be a mainframe, a messaging system, a database system, or an application. The connector security map is used to map the application's credentials to the EIS credentials.

A security map applies to a particular connector connection pool. One or more named security maps can be associated with a connector connection pool.

The following topics are addressed here:

• To Create a Connector Security Map

• To List Connector Security Maps

• To Update a Connector Security Map

• To Delete a Connector Security Map

To Create a Connector Security Map

Use the create-connector-security-map subcommand in remote mode to create a security map for the specified connector connection pool. If the security map is not present, a new one is created. You can specify back-end EIS principals or back-end EIS user groups. The connector security map configuration supports the use of the wild card asterisk (*) to indicate all users or all user groups.

You can also use this subcommand to map the caller identity of the application (principal or user group) to a suitable EIS principal in container-managed transaction-based scenarios.

Before You Begin

For this subcommand to succeed, you must have first created a connector connection pool. For instructions, see To Create a Connector Connection Pool.

1. Ensure that the server is running.

   Remote subcommands require a running server.

2. Create a connector security map by using the create-connector-security-map(1) subcommand.

   Information about the options for the subcommand is included in this help page.

3. (Optional) If needed, restart the server.

   Some properties require server restart. See Configuration Changes That Require Server Restart. If your server needs to be restarted, see To Restart a Domain.

Example 15–10 Creating a Connector Security Map

This example creates a connector security map securityMap1 for connection-pool1.

asadmin> create-connector-security-map --poolname connector-pool1 
--principals principal1, principal2 --mappedusername backend-username securityMap1
Command create-connector-security-map executed successfully

To List Connector Security Maps

Use the list-connector-security-maps subcommand in remote mode to list the existing security maps belonging to the specified connector connection pool. You can get a simple listing of the connector security maps for a connector connection pool, or you can get a more comprehensive listing that shows the principals of the map.

1. Ensure that the server is running.

   Remote subcommands require a running server.

2. List existing connector connection pools by using the list-connector-connection-pools(1) subcommand.

3. List the security maps for a specific connector connection pool by using the list-connector-security-maps(1) subcommand.

Example 15–11 Listing All Connector Security Maps for a Connector Connection Pool

This example lists the connector security maps associated with connector-Pool1.

asadmin> list-connector-security-maps connector-Pool1
securityMap1 
Command list-connector-security-maps executed successfully.

Example 15–12 Listing Principals for a Specific Security Map for a Connector Connection Pool

This example lists the principals associated with securityMap1.

asadmin> list-connector-security-maps --securitymap securityMap1 connector-Pool1
principal1
principal1
Command list-connector-security-maps executed successfully.

Example 15–13 Listing Principals of All Connector Security Maps for a Connector Connection Pool

This example lists the connector security maps associated with connector-Pool1.

asadmin> list-connector-security-maps --verbose connector-Pool1
securityMap1
principal1
principal1
Command list-connector-security-maps executed successfully.

To Update a Connector Security Map

Use the update-connector-security-map subcommand in remote mode to create or modify a security map for the specified connector connection pool.

1. Ensure that the server is running.

   Remote subcommands require a running server.

2. List existing connector security maps by using the list-connector-security-maps(1) subcommand.

3. Modify a security map for a specific connector connection pool by using the update-connector-security-map(1) subcommand.

4. (Optional) If needed, restart the server.

   Some properties require server restart. See Configuration Changes That Require Server Restart. If your server needs to be restarted, see To Restart a Domain.

Example 15–14 Updating a Connector Security Map

This example adds principals to securityMap1.

asadmin> update-connector-security-map --poolname connector-pool1 
--addprincipals principal1, principal2 securityMap1
Command update-connector-security-map executed successfully.

To Delete a Connector Security Map

Use the delete-connector-security-map subcommand in remote mode to delete a security map for the specified connector connection pool.

1. Ensure that the server is running.

   Remote subcommands require a running server.

2. List existing connector connection pools by using the list-connector-connection-pools(1) subcommand.

3. Delete a security map for a specific connector connection pool by using the delete-connector-security-map(1) subcommand.

   Information about options for this subcommand is included in this help page.

Example 15–15 Deleting a Connector Security Map

This example deletes securityMap1 from connector-pool1.

asadmin> delete-connector-security-map --poolname connector-pool1 securityMap1
Command delete-connector-security-map executed successfully