Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
Chapter 2. Planning
2.3 Management components
Access Manager for e-business provides three management tools that can be
used for the administration of your Access Manager system. Those tools are:
• The pdadmin utility, which provides a command line interface (CLI) for
  performing administrative functions such as adding users or groups. It is a
  C-based application that is installed as part of the Access Manager run time
  environment (PDRTE) client component.
• The Web Portal Manager (WPM), which provides a browser-based capability
  for performing most of the same functions provided by the pdadmin utility.
• The previous two utilities are built using the Tivoli Access Manager
  administration API, which enables the CLI and WPM interfaces for
  program-initiated administrative functions and queries. The administration API
  may also be used by custom applications to perform various Access Manager
  administrative functions.
2.3.1 Web Portal Manager
The Access Manager Web Portal Manager provides a browser-based graphical
user interface (GUI) for Access Manager administration.
A key advantage of the Web Portal Manager over the pdadmin command line
utility is that it is a browser-based application: it can be accessed
without installing any Access Manager-specific client components on the
administrator’s local machine and without special network configuration to
permit remote administrator access. In fact, the authorization capabilities of
WebSEAL can be used to control access to the Web Portal Manager. Administrators
therefore have greater flexibility in where they are located relative to the
physical systems they are managing.
Administrative functionality
The Web Portal Manager was designed to be an alternative to the pdadmin
command line interface (CLI) for many administrative functions. However, not all
pdadmin functions are supported (such as the retrieval of server statistics) and
the command line interface will still be required in certain cases. In other cases,
such as exporting Access Manager authorization data, Web Portal Manager is
required. Web Portal Manager also offers some key functional benefits over
pdadmin, such as cloning and cut/paste functionality.
Migration of data using WPM
Web Portal Manager allows for the migration of data from one Access Manager
environment to another. Data is exported from the master authorization database
and placed into an XML file with optional encryption. It can then be transported to
a new Access Manager environment and imported.
This functionality allows for the export of one or more of the following items:
• Access Control Lists (ACLs)
• Protected Object Policies (POPs)
• Authorization Rules (Rules)
• Objects and object spaces including attached ACLs, POPs, and Rules
The export of data ensures a smooth transition from one Access Manager
environment to another, such as migrating from a test or staging environment to
production.
Delegated administration
The Web Portal Manager also provides a delegated user administration
capability. This enables an Access Manager administrator to create delegated
user groups and assign delegate administrators to these groups.
The initial aim of the Web Portal Manager delegate function is to enable multiple
independent enterprises to manage their own user population in a single Access
Manager secure domain. This functionality could be used when a service
provider that uses Access Manager to provide access control to Web resources
wants to allow its customers to define and manage their own user population.
Depending on their assigned roles, the delegated administrators can perform a
subset of the administration functions. There are four different levels of
administration in Access Manager, with the basic fields of action shown in
Table 2-1.
Table 2-1 Delegated administration roles in Access Manager

Action/role                                           Domain admin  Senior admin  Admin  Support  Any other
----------------------------------------------------  ------------  ------------  -----  -------  ---------
View user                                             X             X             X      X        X
Reset password                                        X             X             X      X
Add existing Access Manager user as an administrator  X             X             X
Create domain user                                    X             X
Remove user                                           X             X
Domain control                                        X
