Synchronizing access collections

If you define access collections in Control Desk, you might want to synchronize those definitions with the TADDM component. The synchronization ensures that similar access restrictions are enforced in the TADDM user interface.

Before you begin

To synchronize access collections, Control Desk must be configured to use WebSphere application security. Your TADDM server must be configured to use the same directory server that Control Desk uses, through the Virtual Member Manager on the Control Desk J2EE server.

When you synchronize access collections, the members of each security group that is assigned to an access collection have the operator role. That is, these users have read-only access to their access collection in the TADDM user interface.

By default, this synchronization is not enabled. To enable it, you must use several applications to configure the communications between Control Desk and TADDM. Synchronization is one way: you can synchronize collections that you define in Control Desk, but not collections that you define in TADDM.

All collections that contain authorized configuration items that are linked to actual configuration items are synchronized. Collections are synchronized when they are created or modified. If you have collections defined before you enable synchronization, they are not synchronized until you modify and save them.

To enable synchronization, you must know these values for your TADDM server:

  • The hostname
  • The administrator user ID and password
  • Whether you want this connection to use Secure Sockets Layer (SSL) or not

About this task

To enable the synchronization of access collections between Control Desk and TADDM, follow these steps:

Procedure

  1. Enable listeners for Collections and Collection Authorizations. These listeners are already defined and simply must be enabled.
    1. Click Go To > Integration > Publish Channels.
    2. Open the records for Collections and Collection Authorizations. For each record, click Select Action and choose Enable event listener from the list.
    3. Click Save.
  2. Define the properties for the TADDM authorization synchronization end point.
    1. Click Go To > Integration > End Points.
    2. Enter TAD in the End point field and press Enter to locate the TADDMEP end point.
    3. Enter the TADDM server host name. Select the appropriate option:
      • If you use TADDM Version 7.2.1 or earlier, specify port 9531 if you want this connection to use Secure Sockets Layer (SSL), or port 9530 to connect without SSL.
      • If you use TADDM Version 7.2.2 or later, specify port 9433 if you want this connection to use Secure Sockets Layer (SSL), or port 9433 to connect without SSL.
    4. Click Save.
  3. Enable TADDM as an external system.
    1. Click Go To > Integration > External Systems.
    2. Enter TAD in the System field and press Enter to locate the TADDMES record.
    3. On the System tab, check the Enabled? check box.
    4. On the Publish Channels tab, check the boxes in the Enabled? column on the rows for Collections and Collection Authorizations.
    5. Click Save.
