Security policies for runtime clusters and clouds

The Java Virtual Machine (JVM) security policies specify the permissions under which the JVM executes. This controls the JVM's access to local resources (such as local file system directories) and ability to perform certain actions within the infrastructure environment hosting the runtime.

When you install a multi-tenant runtime cloud or a single-tenant runtime cluster, the runtime can be configured with one of two types of Java security policies:

Policy Name	Description
High Security Policy	The default security policy for runtime clouds, providing maximum security for running a secure multi-tenant Cloud. This prevents individual tenants from accessing shared resources within the runtime that could impact other tenants.
Low Security Policy	The default security policy distributed when installing a single-tenant runtime cluster. There are no security restrictions in a Low security policy. This policy is used only when forked processing is enabled, which is not enabled by default. If forked processing is not explicitly enabled, the runtime cluster will not use a security policy and processes will execute in the main basic runtime's JVM with full permissions.

Overriding the default security policy

If you do not want to use the default security policies for runtime clouds, single-tenant runtime clusters, connector browse operations that run in forked executions, or execution worker in private runtime clouds, then you must override the appropriate default security policy. This is not common.

For example, you might want to change the default security policy level in the following use cases:

• If you are a partner who builds and executes all of your customers’ processes (that is, you control all of the tenants in the runtime cloud), then you may want to use a Low security policy. As the runtime cloud owner you already have complete control over all of the processes.

• The High security policy denies access to all local network resources and file system resources outside of the account directory. If you are a partner or local cloud owner and you have local resources that you want to share with your customers or child accounts, but you also want to use a High security policy, then you should add custom permissions by using the Atom Security Policies object (see the section below). You would add to it exceptions for the local resources that you want to share (for example an internal FTP server, an internal database, an internal web service, shared directories, etc.).

To change the security policy level, use the following steps:

1. In the Manage menu, select Runtime Management.
2. Select the runtime cloud or runtime cluster from the list on the left.
3. In Settings & Configurations, select Properties and then click the Advanced tab.
4. From the Add Property drop-down list, select the Security Policy property and then click Add Property.
5. Enter LOW or HIGH in the Security Policy Property Value field.
6. Click Save.

Customizing a security policy

You can customize a High security policy by granting additional permissions by using the Atom Security Policies object. Adding custom permissions is common when you want to allow the runtime to access shared local resources such as an internal FTP server, databases, web service endpoints or ports, or file system directories.

note

You must be an administrator to customize the security policy for a runtime cloud or runtime cluster.

For more information, see the topic Customizing security policies.

Additional resources

• Java 8 Security Documentation

• Java 8 Default Policy File Syntax

• Java 8 security permissions

• Java 11 Security Documentation

• Java 11 Permission and Security Policy File Syntax

• Java 11 Security Permissions