HCL Workload Automation, Version 9.4

Changing the security settings

This section describes how to modify the security settings of HCL Workload Automation.

About this task

Use the changeSecurityProperties script located in TWA_home/TWS/wastool to change various security settings on the application server. For the settings related to SSL, see Setting connection security. For the settings related to the passwords of the database access users, see Changing key HCL Workload Automation passwords. You can also change other settings, such as the active user registry or the local operating system ID and password.

The procedure requires you to stop the application server, create a text file of the current security properties, edit the file, run the utility, and restart the application server.

For more information about the procedure to make any changes to the WebSphere Application Server properties, see Application server - using the utilities that change the properties.
To determine which properties are to be changed, see:
- Configuring authentication, for information about the properties to be changed to modify your user registry configuration for user authentication.
- Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation component that has a distributed connector, for information about the properties to be changed to configure SSL communication between the different interfaces and the HCL Workload Automation engine.
- Migrating data from DB2 to Oracle and vice versa, for information about the properties to be changed when migrating your database from one database platform to another.
- Changing key HCL Workload Automation passwords, for information about how to use the properties to determine the procedure required for changing key passwords.
To change the text file of the current security properties, perform the following steps:
1. Edit the text file and locate the properties you need to change.
2. Make any required changes to the properties.
  Do not change any other properties.
Note:
1. The utility might display a message from the application server (WASX7357I:). You can ignore this message.
2. When you supply a password in a text file for changeSecurityProperties, there is a small security exposure. When you enter a password in the file, the password is entered in clear (unencrypted). After you have run changeSecurityProperties, the password remains in clear in the text file you have edited, but if you run showSecurityProperties the password is output encrypted, as a row of asterisks. Thus, your potential security exposure is limited to the time from when you entered the password in the text file until when you manually deleted the text file after using changeSecurityProperties.
  Attention: If you want to change parameters other than a password, and do not want to change a password, ensure that you perform one of the following actions before running changeSecurityProperties. This is required to prevent that the row of asterisks is applied as the password:
  - Resupply the passwords in clear.
  - Comment the password properties.
  - Delete the password properties.