Security checks on event rules
Security checks on event rules enabled by default starting from version 9.5, Fix Pack 1.
Starting from product version 9.5, Fix Pack 1, security checks are enabled by default on event rules. The checks are enabled both for fresh installations and for upgrades from previous versions.
These checks verify that the user saving the event rule has DISPLAY permission on the relevant objects and thereby ensure a higher level of security when accessing event rules data.
To disable the security checks, set the
com.ibm.tws.conn.event.security.enabled
property to false in the TWSConfig.properties file. The
TWSConfig.properties file is located in the following path:- On UNIX operating systems
- TWA_DATA_DIR/usr/servers/engineServer/resources/properties
- On Windows operating systems
- TWA_home\usr\servers\engineServer\resource\properties
When you save the event rules, a security check is automatically performed to verify that you
have DISPLAY permission for the following events:
- FileMonitor
- for all events that reference a workstation, DISPLAY permission is required on the specified workstation.
- TWSObjectsMonitor
-
- for all job events, such as
JobStatusChanged
, DISPLAY permission is required on the specified job. - for all job stream events, such as
Job Stream Status Changed
, DISPLAY permission is required on the specified job stream. - for
Alert
,Application Server
andWorkstation
events, DISPLAY permission is required on the specified workstation. If the event type isChild Workstation Link Changed
orParent Workstation Link Changed
, DISPLAY permission is required on the specified child or parent workstation. - for all prompt events, the following considerations apply:
- if the prompt name refers to a global prompt, DISPLAY permission is required on the specified prompt.
- if the prompt name refers to a local prompt, DISPLAY permission is required on the specified job
and job stream. If no job nor job stream is specified, the
*
wildcard is assumed. - if the prompt name starts with the
*
wildcard, DISPLAY permission is required on the specified prompt, job, and job stream. If no job nor job stream is specified, the*
wildcard is assumed.
- for all job events, such as
If the user does not have the required permission, the event rule is not saved and an error message is displayed.
For more information about configuring security, see Configuring user authorization (Security file).