test

Service Registry 3 2005Q4 Administration Guide

Creating an Administrator

The Service Registry administration tool has some tasks that only a user who is registered as an administrator can perform. In addition, an administrator might be called upon to implement life cycle changes (for example, approvals) to objects other users submit.

An administrator can also change the default access control policy (ACP). However, writing an ACP is currently a manual process that requires knowledge of OASIS eXtensible Access Control Markup Language (XACML). For details, refer to Chapter 9, “Access Control Information Model,” of ebXML RIM 3.0, especially the examples in Sections 9.7.6 through 9.7.8. See Before You Read This Book for information on how to find the ebXML RIM 3.0 specification.

ProcedureTo Create an Administrator

To register yourself as an administrator, follow these steps.

Steps

  1. Perform user registration as described in Creating a User Account in Service Registry 3 2005Q4 User’s Guide

    Remember the path name of the certificate you downloaded. The default name of the certificate file is generated-key.p12.

  2. Obtain the unique identifier of your User object as follows:

    1. Use the Web Console to perform a Basic Query, with the Object Type set to User.

    2. Click the Details link to view the User object the Registry created for you.

    3. Make a note of the Unique Identifier field value.

  3. Copy the certificate to the following location in your home directory, creating directories as needed:

    $HOME/soar/3.0/jaxr-ebxml/security

  4. Change to the directory RegistryDomain-base/domains/registry/applications/j2ee-modules/soar/WEB-INF/classes.

  5. Open the file omar.properties in a text editor.

  6. Find the definition of the property omar.security.authorization.registryAdministrators.

  7. Edit the property definition by adding a vertical bar (|), followed by the logical identifier string that you made a note of in Step 2.

    The property definition must all be on one line and must not contain spaces. After you finish, it will look something like this (all on one line):

    omar.security.authorization.registryAdministrators=
urn:freebxml:registry:predefinedusers:registryoperator|
urn:uuid:77f5c196-79de-4286-8483-8d80def3583b

  8. Save and close the omar.properties file.

  9. Follow the instructions in To Stop and Restart the Application Server Domain for the Registry.

Next Steps

To create additional administrators, you do not have to edit the omar.properties file. If you are an administrator, you can use either the Admin Tool or the Web Console to add users, and you can use the Web Console to classify the users as administrators.