Using BEA Tuxedo Security Administration Tools to Authorize Intersystem Access


	BEA Home \| Events \| Solutions \| Partners \| Products \| Services \| Download \| Developer Center \| WebSUPPORT
	http://www.oracle.com/technology/documentation/index.html \| Site Map \| Search \| PDF Files \| Contact \| Glossary

Tuxedo Documentation \| Using the BEA Tuxedo TOP END Domain Gateway \| Local Topics \| Previous Topic \| Next Topic \| Contents

To access BEA Tuxedo services, the TEDG uses the BEA Tuxedo user ID assigned, via DOMAINID, to the appropriate remote domain.

To establish access, by a BEA TOP END application, to BEA Tuxedo resources (services and queue spaces), complete the following procedure.

For each remote domain defined as type TOPEND in the DMCONFIG file, add an entry (remote domain DOMAINID and password) in the BEA Tuxedo security data files, tpusr and tpgrp, and assign the user ID entry to a group. To do so, enter the following command:
```
tpusradd -u uid -g gid DOMAINID
```
You will be prompted for a password for each user ID.

If the application is not active, you must run tpusradd on the master node. If the application is active, you can run this command on any node.

Note: You can add these entries to an existing group, or to a new group. New groups must be created before the tpusradd command can be used.To create a new group, use the tpgrpadd command. For the required syntax, see tpgrpadd(1) in the BEA Tuxedo Command Reference.
Define the SECURITY parameter in the UBBCONFIG file. Add ACL entries based on the following settings in the UBBCONFIG file:
- If SECURITY=ACL, then you may include an entry in the BEA Tuxedo security file for each service and queue space to be accessed by a BEA TOP END remote domain. If you do, add the group associated with each BEA TOP END remote domain DOMAINID that will access a service or queue space to the entry in the BEA Tuxedo security file for that service or queue space.
- If SECURITY=MANDATORY_ACL, then you must include an entry in the ACL database for each service and queue space to be accessed by any BEA TOP END remote domain. Add the group associated with the DOMAINID for each BEA TOP END remote domain that will access a service or queue space to the entry in the BEA Tuxedo security file for that service or queue space.
Run the tpacladd(1) command to add an ACL entry to the BEA Tuxedo security data files, thus authorizing access to BEA Tuxedo resources (that is, services and/or queue spaces) as needed, for each remote domain.
The format of the tpacladd command is as follows:
```
tpacladd -g gid servicename
```
```
tpacladd -g gid queue_space
```
Note: These commands authorize access to the specified service or queue space for the owners of all user IDs in the group.