Read-Only Administrator Access Changes in Integration Server Version 10.15
Prior to Integration Server 10.5, read-only administrator access to the Integration Server Administrator Admin API was controlled by membership in the group set as the value for the watt.adminapi.group.readOnly parameter. However, this precluded users defined in Common Directory Services from having read-only access to the Admin API. To allow users defined in Common Directory Services to have read-only access to the Admin API, Integration Server 10.15 introduces the following administrative assets:
ReadOnlyAdministrators user group. All members of the ReadOnlyAdministrators group have read-only access to the Administrator API.
ReadOnlyAdministrators ACL. Groups that are allowed access to the ReadOnlyAdministrators ACL have read-only access to the Administrator API. The new group ReadOnlyAdministrstors have access to the ReadOnlyAdministrators ACL.
During migration to Integration Server 10.5, the migration utility does the following:
1. Adds the users belonging to the group set as the value of the watt.adminapi.group.readOnly server configuration parameter to the ReadOnlyAdministrators user group.
2. Deletes the user group specified in the watt.adminapi.group.readOnly parameter.
3. Adds the ReadOnlyAdministartors group to the allowed list for the ReadOnlyAdministrators ACL
4. Deletes the watt.adminapi.group.readOnly server configuration parameter as it is no longer needed.
Note:
This change was introduced in earlier versions of Integration Server via application of a fix that included PIE-72412.