Copyright © TIBCO Software Inc. All Rights Reserved |
• Trusted.txt can be used on UNIX or Microsoft Windows. It is used when the command line specifies Trusted.
• TrustedWithDomain.txt is for use on Microsoft Windows only, and is used when the command line specifies TrustedWithDomain.
CONFIG_FOLDER/hawk/domain/<domain-name>/security where <domain-name> is the name of the Hawk domain.
2. Provide a remote Trusted.txt file to configure a security URL on the Agent:
− -Dhawk.security_file_url=file:///D:/temp/Trusted.txt
− -Dhawk.security_file_url=http://<hostname:port>/Trusted.txt
3. Modify the appropriate sample access control file, Trusted.txt or TrustedWithDomain.txt, according to the requirements of your system.
5. Ensure that the security_policy parameter in Hawk agent configuration is set to one of the following, before starting TIBCO Hawk Agent and Hawk Console:

To store access control information, the Trusted model uses an ASCII file. Two sample access control files are included with TIBCO Hawk: Trusted.txt and TrustedWithDomain.txt.

Sample access control files are shipped with the TIBCO Hawk software, in the directory HAWK_HOME/examples/security/.

This file can only be used with Microsoft Windows XP, and only when specified in the command used to start TIBCO Hawk agent and Display, as in -security_policy COM.TIBCO.hawk.security.trusted.TrustedWithDomain.

The user is the login ID and the domain where the user is logged on. For example, for user1 in domainX, the user is <domainX>\user1.

Wildcard characters + and * affect permissions on group operations and point-to-point invocations as shown in Access Control File.

Each individual setting is represented by one line in the access control file. Complex permissions and restrictions can be defined using sets of related lines. For example, you can give a user access to all methods on a node in one line, then in the following line, restrict that user’s access to one of those methods. See Disable Custom Microagent for further details.

Permissions are granted to a user using the user name. Restrictions are defined by prefixing a bang (!) character to the user name, as shown in the table.
Table 22 Access Control File Settings

Wildcard characters can be used in the Node columns. See Node Restriction above.

Grants access to all ACTION and INFO methods on the specified microagent (but not ACTIONINFO methods).

Grants access to all INFO methods on the specified microagent (but not ACTION or ACTIONINFO methods).

For each Hawk domain create a directory HAWK_HOME/domain/<domain-name>/security where <domain-name> is the name of the Hawk domain.
2. According to the requirements of your system, copy HAWK_HOME/examples/security/Trusted.txt or HAWK_HOME/examples/security/TrustedWithDomain.txt to CONFIG_FOLDER/security/.

The second line grants access only to the user none, on all nodes for the Custom microagent, where none is a non-existent user. This effectively prevents anyone from executing the Custom microagent.
4. Ensure that the security_policy parameter in Hawk agent configuration is set to one of the following, before starting TIBCO Hawk Agent and Hawk Console:
COM.TIBCO.hawk.security.trusted.Trusted or COM.TIBCO.hawk.security.trusted.TrustedWithDomain

The following example file demonstrates how a Trusted.txt and TrustedWithDomain.txt access control file might be constructed. The permissions and restrictions defined in this file are explained in the previous section.
• Grant user1 point-to-point access to all methods on all microagents, except:
−
− The specified methods on the Repository microagent on all nodes.
−
• Grant user2 point-to-point and group operation invocation access to all methods on all microagents, except:
−
−
−
• Grant user3 point-to-point and group operation invocation access to all methods on all microagents on all nodes, except:
−
•
•
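
A pre-start check for the two settings named in the steps above (security_policy and hawk.security_file_url), as an added example that is not TIBCO code. The function name, the platform labels, the sample host name and the plain-HTTP finding are assumptions of this example; only the class names and option names come from the page.

```python
from urllib.parse import urlparse

# Class and option names are quoted from the page; all else is illustrative.
TRUSTED = "COM.TIBCO.hawk.security.trusted.Trusted"
TRUSTED_DOMAIN = "COM.TIBCO.hawk.security.trusted.TrustedWithDomain"
URL_OPT = "-Dhawk.security_file_url="


def audit_agent_args(args, platform):
    """Return findings for a Hawk agent start command given as a token list.

    platform is "windows" or "unix" (hypothetical labels for this example).
    """
    findings = []
    # A trailing -security_policy with no value is treated as not set.
    policies = [args[i + 1] for i, a in enumerate(args[:-1])
                if a == "-security_policy"]
    urls = [a[len(URL_OPT):] for a in args if a.startswith(URL_OPT)]

    if not policies:
        findings.append("no -security_policy option: Trusted model not selected")
    for p in policies:
        if p not in (TRUSTED, TRUSTED_DOMAIN):
            findings.append(f"unexpected security_policy class: {p}")
        elif p == TRUSTED_DOMAIN and platform != "windows":
            findings.append("TrustedWithDomain is for Microsoft Windows only")

    if len(urls) > 1:
        findings.append("more than one hawk.security_file_url given")
    for u in urls:
        scheme = urlparse(u).scheme
        if scheme == "http":
            # Reviewer's judgement, not a TIBCO statement: plain HTTP gives
            # no origin authentication or tamper detection for the file.
            findings.append(f"access control file fetched over plain HTTP: {u}")
        elif scheme != "file":
            findings.append(f"unexpected scheme for security file URL: {u}")
    return findings


# Constructed sample command lines (not from a real deployment).
GOOD = ["-security_policy", TRUSTED, URL_OPT + "file:///D:/temp/Trusted.txt"]
WEAK = ["-security_policy", TRUSTED_DOMAIN,
        URL_OPT + "http://cfg.example.test:8080/Trusted.txt"]

if __name__ == "__main__":
    for name, argv in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_agent_args(argv, "unix"))
```
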
As a further precaution, AMI applications are required to specify localhost as part of the TIBCO Rendezvous daemon parameter in order to prevent remote connections to its rvd daemon. Instructions to do this for UNIX and Microsoft Windows platforms are given below.
1. Add a command to start the localhost rvd prior to starting any TIBCO Hawk processes, as follows:
2.
1.
2. Make all TIBCO Hawk services dependent upon this new rvd service.