create-connector-security-map(1)

Name | Synopsis | Description | Options | Operands | Examples | Exit Status | See Also

Name

create-connector-security-map– creates a security map for the specified connector connection pool

Synopsis

create-connector-security-map 
[--terse={true|false}][ --echo={true|false} ] 
[ --interactive={true|false} ] [ --host  host] 
[--port port] [--secure| -s ] [ --user  admin_user]
[--passwordfile filename] [--help]
  --poolname  connector_connection_pool_name
[--principals principal_name1[, principal_name2]* | 
--usergroups user_group1[, user_group2*]
 --mappedusername  username  {security_map_name}

Description

Use this command to create a security map for the specified connector connection pool. If the security map is not present, a new one is created. Also, use this command to map the caller identity of the application (principal or user group) to a suitable EIS principal in container-managed transaction-based scenarios. One or more named security maps may be associated with a connector connection pool. The connector security map configuration supports the use of the wild card asterisk (*) to indicate all users or all user groups.

For this command to succeed, you must have first created a connector connection pool using the create-connector-connection-pool command.

The enterprise information system (EIS) is any system that holds the data of an organization. It can be a mainframe, a messaging system, a database system, or an application.

This command is supported in remote mode only.

Options

-t --terse

Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.

-e --echo

Setting to true will echo the command line statement on the standard output. Default is false.

-I --interactive

If set to true (default), only the required password options are prompted.

-H --host

The machine name where the domain administration server is running. The default value is localhost.

-p --port

The HTTP/S port for administration. This is the port to which you should point your browser in order to manage the domain. For example, http://localhost:4848.

The default port number is 4848.

-s --secure

If set to true, uses SSL/TLS to communicate with the domain administration server.

-u --user

The authorized domain administration server administrative username.

If you have authenticated to a domain using the asadmin login command, then you need not specify the --user option on subsequent operations to this particular domain.

--passwordfile

The --passwordfile option specifies the name, including the full path, of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.

For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, and AS_ADMIN_ALIASPASSWORD.

All remote commands must specify the admin password to authenticate to the domain administration server, either through --passwordfile or asadmin login, or interactively on the command prompt. The asadmin login command can be used only to specify the admin password. For other passwords, that must be specified for remote commands, use the --passwordfile or enter them at the command prompt.

If you have authenticated to a domain using the asadmin login command, then you need not specify the admin password through the --passwordfile option on subsequent operations to this particular domain. However, this is applicable only to AS_ADMIN_PASSWORD option. You will still need to provide the other passwords, for example, AS_ADMIN_USERPASSWORD, as and when required by individual commands, such as update-file-user.

For security reasons, passwords specified as an environment variable will not be read by asadmin.

The default value for AS_ADMIN_MASTERPASSWORD is changeit.

--help

Displays the help text for the command.

--target

This option is deprecated in this release.

--poolname

Specifies the name of the connector connection pool to which the security map belongs.

--principals

Specifies a list of backend EIS principals. More than one principal can be specified using a comma separated list. Use either the --principals or --usergroups options, but not both.

--usergroups

Specifies a list of backend EIS user group. More than one usergroups can be specified using a comma separated list.

--mappedusername

This property specifies the EIS username.

Operands

security_map_name

name of the security map to be created or updated.

Examples

---

Example 1 Using create-connector-security-map command




It is assumed that the connector pool has already been created using the create-connector-pool command.

asadmin> create-connector-security-map --user admin --passwordfile pwd_file.txt --poolname connector-pool1 --principals principal1, principal2 --mappedusername backend-username securityMap1 Command create-connector-security-map executed successfully

---

Exit Status

0

command executed successfully

1

error in executing the command

See Also

delete-connector-security-map(1), list-connector-security-maps(1), update-connector-security-map(1)

Name | Synopsis | Description | Options | Operands | Examples | Exit Status | See Also