Mapping Unwired Platform Roles to Sybase Control Center Roles

Map Sybase Control Center roles to Unwired Platform roles, so a single userID controls which privileges the administrator has upon authentication and authorization. Use roles-map.xml to customize access privileges for your administrators.

An administrator other than the Unwired Platform administrator can secure and manage resources from Sybase Control Center. However, if they are the same individual, you can map roles so a single login allows administration privileges to both Sybase Control Center and Unwired Platform.
Note: roles-map.xml is a file used by multiple Sybase products; therefore, you see roles in this file you do not need. Edit the file as described here to avoid issues that may arise with unrecognized roles being defined in this file.
  1. Add these lines:
    <role-mapping modRole="MySUPplatformAdminRole" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccAdminRole,sccUserRole" />
<role-mapping modRole="MySUPDomainAdminRole" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccUserRole" />
<role-mapping modRole="MyNon-SUPDomainAdminRole" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccUserRole" />
    The last two entries give both domain administrators access as a SCC User (which is mapped to sccUserRole). This means that the user can use the Unwired Platform plugin to administer Unwired Server.
  2. Ensure that the roles defined in the LDAP repository map to the UAF* roles in this file.
    By default, the role mapping file contains these roles in the LDAP Login Module definition:
     <module name="SUP LDAP Login Module"> 
      <role-mapping modRole="MySUPplatformAdminRole" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccAdminRole,sccUserRole" /> 
      <role-mapping modRole="MySUPDomainAdminRole" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccAdminRole,sccUserRole" /> 
    </module>
    These lines map logical Sybase Control Center roles to the provider's physical roles. For example, replace MySUPplatformAdminRole and MySUPDomainAdminRole with the name of the LDAP group for you created for "SUP Administrator" and "SUP Domain Administrator" users.

    Change MySUPplatformAdminRole and MySUPDomainAdminRole to the role names used by your provider.

    As a Sybase Control Center administrator, a user who is granted this role can perform administration and configuration tasks from the Unwired Platform management console after a successful login.
  3. To add role mapping for the Anonymous Login Module to the uaAnonymous role:
    1. Add the uaAnonymous role to the <uaf-roles> section of the roles-map.xml file:
      <role name="uaAnonymous" description="Anonymous role" />
    2. Add the role mapping in the <security-modules> section of the roles-map.xml file:
      <module name=''Anonymous Login Module''>
		 		 <role-mapping modRole=''uaAnonymous'' uafRole=''uaAnonymous'' />
	</module>
Parent topic: Replicating Unwired Server Setup in Sybase Control Center
Parent topic: Replicating Unwired Server Setup in Sybase Control Center
Previous topic: Configuring a Provider to Authenticate Sybase Control Center Logins