To turn on security for Business Space you must enable both application security and administrative security.
The Business Space enterprise archive (EAR) file is preconfigured to ensure authentication and authorization of access. Business Space uses one default J2EE role, which is mapped to all authenticated users, which ensures that users are prompted to authenticate when accessing Business Space URLs. Unauthenticated users are redirected to a login page.
Authorization to spaces and page content in Business Space is handled internally to Business Space as part of managing spaces.
To enable authenticated access (J2EE role-based authorization) to Business Space, you must have a user registry configured and application security enabled.
You might want to consider changing the users assigned to administrative group roles for widgets such as Business Rules and Business Variables.
For example, for the Health Monitor widget, the following administrative roles all have monitoring permissions, all allow access to the administrative console, and therefore allow users assigned to those roles to access data in Health Monitor:
Users who are mapped to those administrative group roles have access to the data in Health Monitor. Users who are not mapped to those roles cannot access the data in Health Monitor.