Read only admin in webMethods

atif · October 3, 2022, 11:55am

Hi Community,
I’m new to webMethods, I would like to know about the concept of readonly admin in webMethods

I would appreciate if someone in community can please comment or share their knowledge about what is the purpose/advantage of read-only admins in webMethods

Anyone already using this role/group?

Thanks!

Kalpesh_Shah1 · October 3, 2022, 1:01pm

@atif , if you are referring to ACL in IS that refers to ReadOnlyAdministrators, please have a look @ the readme (part of latest fixes) below.

Users defined in the Common Directory Service central users account cannot be given read-only access to the Administrator API.

To enable users with common directory services to have read-only access to the Administrator API, Integration Server introduces the following administrative assets:

ReadOnlyAdministrators user group. All members of the ReadOnlyAdministrators group have read-only access to the Administrator API.
ReadOnlyAdministrators ACL. Groups that are allowed access to the ReadOnlyAdministrators ACL have read-only access to the Administrator API. The new group ReadOnlyAdministrstors have access to the ReadOnlyAdministrators ACL.

To give a local user (a user defined on Integration Server) read-only access to the Administrator API, add the user to the ReadOnlyAdministrators group.
To give a user in the Central Directory Service read-only access to the API, add the group to which the user belongs to the ReadOnlyAdministrators ACL.

The first time the WmAdmin package loads after applying a fix that includes PIE-72142, Integration Server does the following:

Creates the ReadOnlyAdministrators user group if it does not exist.
Adds the users belonging to the group set as the value of the watt.adminapi.group.readOnly server configuration parameter to the ReadOnlyAdministrators user group.
Deletes the user group specified in the watt.adminapi.group.readOnly parameter.
Creates the ReadOnlyAdministrators ACL and adds the ReadOnlyAdministartors group to the allowed list for this ACL.
Deletes the watt.adminapi.group.readOnly server configuration parameter as it is no longer needed.

Note: Integration Server allows all users to access the OpenAPI file for a product using the GET /admin/swagger/{productName} operation.

Regards,
Kalpesh

srikanth.prathipati1803 · October 3, 2022, 1:31pm

There is used be Read-only custom Package implemented by on-field consultants. I should be having an old backup in my archive, I will try to find it for you.

srikanth.prathipati1803 · October 4, 2022, 1:54am

AdminReadOnly.zip (9.1 MB)
Quite older one from my archives. Not sure if it’s still intact. Hope this helps.

system · April 2, 2023, 1:54am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.