Authorizing access to resources in Liberty
The purpose of authorization is to determine whether a user or group has the necessary privileges to access a resource.
About this task
To learn about how authorization works in Liberty, see Authorization.
Subtopics
- Configuring authorization for applications in Liberty
Configuring authorization for your application is to verify whether a user or group belongs to a specified role, and whether this role has the privilege to access a resource. Enabling z/OS authorized services on Liberty for z/OS
Liberty on z/OS® offers the ability for your applications to take advantage of z/OS authorized services for System Authorization Facility (SAF) authorization, Workload Manager (WLM), Resource Recovery services (RRS), and SVCDUMP. If your application requires these services, set up a Liberty angel process and grant access for your Liberty server to use these services.Configuring distributed identity filters in z/OS security
Distributed identity filters must be configured when the mapDistributedIdentities attribute in the safCredentials configurations element is set to true.Securing optimized local adapters on Liberty for z/OS
In addition to configuring security on your Liberty server, you can further secure WebSphere® optimized local adapters (WOLA) connections with the System Authorization Facility (SAF) CBIND class, security parameters on the optimized local adapter APIs, and more.Configuring security authorization for Liberty servers on IBM i
Using the iAdmin GRANTAUTH command, you can authorize the QEJBSVR user profile to access the required resources for running the Liberty server.- OAuth
OAuth is an open standard for delegated authorization. With the OAuth authorization framework, a user can grant a third-party application access to their information stored with another HTTP service without sharing their access permissions or the full extent of their data.
Parent topic: Securing Liberty and its applications
Related concepts:

File name: twlp_sec_authorizing.html