Read-only access to IS and TN

Hi

I wanted to know how to provide read-only access to IS Admin Console and TN? As per my knowledge, if we want to access IS Admin Console we require admin rights. But our client doesnt want anybody to change anything in the IS/TN, so he wanted to provide just a read-only access to the enviroment. Is there any way to achieve it? is there any default package available? or do we need to create our own DSP’s to achieve this? Please pour your suggestions and help me out.

Thanks in advance.

regards,
shankaa

Hi shankaa,
I browsed through all the options available in the IS admin page, but couldn’t find anything relavant to read only permissoins!
I tried to look for the solution in advantage and there is no possibility to have the read only access to IS and TN.

Refer the below links!
https://advantage.webmethods.com/advantage?targChanId=kb_home&oid=1613371856

https://advantage.webmethods.com/advantage?targChanId=kb_home&oid=1612216276

Please do update here, if you find any possible solution!

Thanks,
Prashanth

There actually is, but it’s not a trivial thing to have to do. You have to modify the .dsp pages to prevent updates. Worked with a company that did this and it was rather helpful. But wM support most likely won’t support any issues that pop up.

Could it be possible for you to elaborate more on this modifications on the dsp pages?

You edit the .dsp files and remove the links/portions that provide editing/update capabilities. For example, on the JDBC Adapter pages, you might remove the Edit links from the list of adapters.

Hi Reamon,

From your post, i understood that we can just edit the .dsp page of the TN and remove those unwanted links for the customers. Is that simple? or do we need to do anything else? How long it will take to do it. My client is asking a rough estimation on this. Please let me know.

Thanks,Shankaa

How long it will take depends entirely upon your familiarity with .dsp pages and the Administration pages in general.

If the purpose is to expose TN pages to “customers,” and customers are business users and/or external partners, I would strongly advise against doing this. Every company I’ve worked with that has done this has rolled it back. The reason it two-fold: 1) Even with customized .dsp pages, the control over who can see what usually isn’t granular enough to satisfy the need; 2) the interface is somewhat technical and not in terms that a business user/partner typically expects. The result is a “customer” base that is dissatisfied with the interface and therefore believes the entire integration infrastructure is suspect.

There is value, however, in creating read-only pages for the integration group to help with production support. This helps avoid inadvertent changes to production environments.

Of course others may have had different experiences that they are willing to share.

I would have been more clear on my query. Sorry about that.
The creation of .dsp pages is not for use to customers, its just for Production support integration people to just monitor and not to alter anything in the TN console.

Thanks,
Shankaa

Perfect. It’s a good idea to have the read-only versions for prod support–this is the audience where I’ve seen the read-only administration be successful.

As you probably know, there isn’t a way to make TN Console read-only. Only the TN Web Admin pages.

You’ll want to clone the .dsp pages, moving the pages that allow normal administration to another location (you’ll still need that!). It shouldn’t take longer than a few days to make the changes and test things out.

Hi ,
To restrict the access for ISAdministration page there use to be a package called AdminPageManager .
Unfortunately I don’t have link for the same, but if you got that package that should perfectly resolve your requirement to restrict access to IS Admin page.

Regards,
Ashish

I would recommend you to create a separate package,which can handle support related things, which requires use of IS admin console and TN console.

For this you need to identify, what the support team requires from IS admin console and what is needed from TN Console

After developing it, expose it to web, by creating .dsp pages.

How I have implemented read only TN Console is by restricting the port access.

Restrict the primary port access. Create a new port and restrict the access list to the services which are needed to open TN Console and view components.