Bill Wang <bw57...@gmail.com> wrote: >Hi Tomcat guru, > >I have questions for the tomcat user roles setup. > >On-call team (24*7 support) need permission to restart one tomcat >services, if they get call. I think it is maybe possible to let them >restart tomcat throught "Tomcat Web Application Manager" (the admin url >http://server:port/manager) > >My request is, I can't give the admin username and password directly to >on-call team, admin account can not only restart the application, it >can >deploy and undeploy applications, that's too dangerous. > >So how can I setup the tomcat-users.xml or other config file to let >on-call >team has only permission to restart that particular application, not >else. > >Regards, >Bill
You can create a new role in web.xml called restart and limit it to the list, start and stop commands since each command is part of the URL. Then you assign that role to a new user in your Realm. I'm on my phone so can't give an exact example. If that isn't enough info, I'm sure someone else can fill in the gaps for you. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
