Preventing users from creating spaces

You can customize IBM® Business Process Manager so that only users logging in with a superuser role can create spaces.

About this task

By default, all users can create spaces. However, you can lock down Process Portal so that only people who log in using a superuser ID can create or import spaces.
Important: The lock-down procedure described in this topic applies only to Process Portal spaces. It does not restrict other access to Process Portal.

These superusers (or Process Portal administrators) can create a space and transfer ownership to other users. The users who are assigned ownership of spaces can then administer the spaces as if they had created them. For example, they can set who can view and edit the space and its properties and they can add pages. Other than the superuser role, you cannot define groups or individual users who are allowed to create spaces.

To limit creating spaces to superusers only, complete the following steps.

Procedure

  1. Change the com.ibm.mashups.lockeddown setting to true in the configuration file:
    • This topic applies only to the Distributed platformsFor a stand-alone server: profile_root\BusinessSpace\node_name\server_name\mm.runtime.prof\config\ConfigService.properties
    • For a cluster: deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\config\ConfigService.properties
    The default value of false means that all users can create spaces. When the value is true, only superusers can create spaces.
  2. Run the updatePropertyConfig command in the wsadmin environment of the profile:
    • This topic applies only to the Distributed platformsFor a stand-alone server:

      The following example uses Jython: 

      AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name 
-propertyFileName "profile_root\BusinessSpace\node_name\server_name
\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"]')
AdminConfig.save()
      Important: For Windows, the value for the propertyFileName parameter must be the full path to the file, and all backslashes must be double, for example: AdminTask.updatePropertyConfig('[-serverName server_name -nodeName node_name -propertyFileName "profile_root\\BusinessSpace\\node_name\\server_name\\mm.runtime.prof\\config\\ConfigService.properties" -prefix "Mashups_"]').

      The following example uses Jacl: 

      $AdminTask updatePropertyConfig {-serverName server_name -nodeName node_name
 -propertyFileName "profile_root\BusinessSpace\node_name\server_name
\mm.runtime.prof\config\ConfigService.properties" -prefix "Mashups_"}
$AdminConfig save
    • For a cluster:

      The following example uses Jython: 

      AdminTask.updatePropertyConfig('[-clusterName cluster_name -propertyFileName
 "deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\
config\ConfigService.properties" -prefix "Mashups_"]')
AdminConfig.save()

      The following example uses Jacl: 

      $AdminTask updatePropertyConfig {-clusterName cluster_name -propertyFileName
 "deployment_manager_profile_root\BusinessSpace\cluster_name\mm.runtime.prof\
config\ConfigService.properties" -prefix "Mashups_"}
$AdminConfig save

Results

The next time that users log in to a Process Portal space, they will not be able to create a space unless they log in using a superuser ID.
Parent topic: Setting up security for the Business Space component and Process Portal