Access control refers to ensuring that an authenticated user has the permissions necessary to access resources or to perform a specific operation.
When a general user is authenticated to WebSphere® ESB, it is important for security that not every possible operation is available to that user. Allowing some users to perform certain tasks, while denying these tasks to other users, is termed access control.
You can secure components that you develop by applying access control to them, using Service Component Architecture (SCA) qualifiers at development time. See the WebSphere Integration Developer Information Center for more information.
Some WebSphere ESB components, packaged as enterprise archive (EAR) files, secure their operation using J2EE role-based security. The table below lists these components with their J2EE roles and user assignments.
In contrast to J2EE role-based security, which secures the operation of components, role-based access control secures resources. For example, within Business Calendar Manager, you can specify the type of access that users have to individual timetables. You use the Security Manager in Business Space to specify, for each timetable, the owner of the timetable as well as those who have writer and reader access to the timetable.
The Business Process Choreographer and the Common Event Infrastructure are installed as part of WebSphere ESB. The role-based security associated with these components is outlined in detail in subsequent topics.
EAR file | J2EE Role | User Assignment |
---|---|---|
BPCExplorer_scope | WebClientUser | All Authenticated |
BPCArchiveExplorer_scope | WebClientUser | All Authenticated |
BPEContainer_scope | BPEAPIUser | All Authenticated |
BPEContainer_scope | BPESystemAdministrator | Whatever was specified during configuration. |
BPEContainer_scope | BPESystemMonitor | Whatever was specified during configuration. |
BPEContainer_scope | CleanupUser | A user ID that was specified during configuration, or empty. |
BPEContainer_scope | JMSAPIUser | The user ID that was specified during configuration. |
REST Services Gateway | RestServicesUser | All Authenticated |
TaskContainer_scope | TaskAPIUser | All Authenticated |
TaskContainer_scope | TaskSystemAdministrator | Whatever was specified during configuration. This must have the same assignment as BPESystemAdministrator. |
TaskContainer_scope | TaskSystemMonitor | Whatever was specified during configuration. This must have the same assignment as BPESystemMonitor. |
TaskContainer_scope | EscalationUser | The user ID that was specified during configuration. |
TaskContainer_scope | CleanupUser | A user ID that was specified during configuration, or empty. |
wpsFEMgr_6.2.0 | WBIOperator | Everyone |
EventService (*) | eventAdministrator | All Authenticated |
EventService (*) | eventConsumer | All Authenticated |
EventService (*) | eventUpdater | All Authenticated |
EventService (*) | eventCreator | All Authenticated |
EventService (*) | catalogAdministrator | All Authenticated |
EventService (*) | catalogReader | All Authenticated |
Depending on the deployment target, scope is either node_server or cluster.
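
One way to check a deployment's role mappings against the table above, as an added example that is not IBM's code. The (EAR, role, subjects) input format, the group names, and the policy that configuration-specified roles should not be bound to All Authenticated or Everyone are assumptions made here.

```python
# Added example: audit role-to-subject mappings against the table above.
SPECIAL = {"Everyone", "All Authenticated"}

# Roles the table assigns to "whatever was specified during configuration" or to a
# specific user ID. Assumed policy: these should name explicit users or groups.
CONFIGURED_ROLES = {
    "BPESystemAdministrator", "BPESystemMonitor", "CleanupUser", "JMSAPIUser",
    "TaskSystemAdministrator", "TaskSystemMonitor", "EscalationUser",
}
# The only EAR/role pair the table documents as "Everyone".
DOCUMENTED_EVERYONE = {("wpsFEMgr_6.2.0", "WBIOperator")}
# Task roles that the table says must match their BPE counterpart.
MUST_MATCH = [("TaskSystemAdministrator", "BPESystemAdministrator"),
              ("TaskSystemMonitor", "BPESystemMonitor")]


def audit(mappings):
    """Return sorted (rule, role, detail) findings for (ear, role, subjects) rows."""
    findings, assigned = [], {}
    for ear, role, subjects in mappings:
        subjects = frozenset(subjects)
        assigned[role] = subjects
        if "Everyone" in subjects and (ear, role) not in DOCUMENTED_EVERYONE:
            findings.append(("everyone", role, ear))
        if role in CONFIGURED_ROLES and subjects & SPECIAL:
            findings.append(("broad-configured-role", role, ear))
    for task_role, bpe_role in MUST_MATCH:
        if (task_role in assigned and bpe_role in assigned
                and assigned[task_role] != assigned[bpe_role]):
            findings.append(("mismatch", task_role, bpe_role))
    return sorted(findings)


# Constructed sample, not taken from a real system; group names are hypothetical.
SAMPLE = [
    ("BPEContainer_cluster", "BPEAPIUser", {"All Authenticated"}),
    ("BPEContainer_cluster", "BPESystemAdministrator", {"bpcadmins"}),
    ("BPEContainer_cluster", "BPESystemMonitor", {"bpcmonitors"}),
    ("TaskContainer_cluster", "TaskSystemAdministrator", {"bpcadmins"}),
    ("TaskContainer_cluster", "TaskSystemMonitor", {"All Authenticated"}),
    ("wpsFEMgr_6.2.0", "WBIOperator", {"Everyone"}),
    ("EventService", "eventAdministrator", {"Everyone"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
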