ACL on UM Channels

Can the ACL definition represented in the UM Enterprise Manager be used on a channel when this channel corresponds to an Integration Server Document?
I am only using the pub/sub model from IS, not using the UM APIs.
I tried to remove/set the ACL definition from the UM Enterprise Manager to block a document (channel) from IS from being published, but it does not work… The document always gets published/subscribed, no matter the UM ACL definition…

Michael,
yes - you can set ACL on the channels and it should work.
Are you running IS and UM on the same machine? Note that UM always allows full access to the OS user that installed UM on the local machine (to prevent accidental lock-out).
Can you send a screenshot of the ACL you set? And also show what you set in the IS wM Messaging alias on IS?

Thanks John,
Please find the answers to your questions in the attachment.
Michael.
ACL_UM.docx (219 KB)

Michael,

By default, any user that has admin privileges on the Realm has full access to channels, regardless of the individual channel ACLs. So if the user that your IS is connecting to UM as has the Admin API column checked in the Realm > Security > ACL tab in Enterprise Manager, then that would explain what you are seeing.
You can easily disable this admin-override by setting the Realm Config property Global Settings/AllowRealmAdminFullAccess to false. Then the channel ACL will always apply and you should see permission denied exceptions on your IS.

Hope this helps.


Thank you Jonathan, it worked. I cannot publish the doc anymore when the ACL is removed on the Channel:

Could not run ‘Mike.Doc:testPub’
com.wm.app.b2b.server.ServiceException: [ISS.0153.9009] Unable to send message to webMethods Messaging alias IS_UM_CONNECTION: com.wm.app.b2b.server.dispatcher.exceptions.MessagingSubsystemException: com.pcbsys.nirvana.client.nSecurityException: SECURITY: No privilege for attempted Operation : Channel Publish