InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.1: Securing applications >
6.6.18.1.1e: Configuring permissions

6.6.18.1.1e: Configuring permissions

  1. Start the Configure Permissions task by one of two methods:
    • By clicking Console -> Tasks -> Configure Permissions from the console menu bar.
    • By clicking Configure Permissions from the drop-down list on the Wizards toolbar button.
  2. Click a permission, such as AnyApplicationName-ReadMethods.

    The administrator can view permissions by application or by method group:

    • Viewing by application shows only the permissions associated with a particular application, such as:
      • Application_A-CreateMethods
      • Application_A-WriteMethods
      • Application_A-CustomMethodGroup
    • Viewing by method group shows only the permissions associated with a particular method group, such as:
      • Application_A-CreateMethods
      • Application_B-CreateMethods
      • Application_C-CreateMethods
  3. Click the Add button to produce a search dialog.
  4. Use the search dialog to give permission to everyone or selected users or groups. You can search for a user or group in your local operating system user registry or directory service product.
  5. When finished with the search dialog, click the OK button.
  6. Back in the main console window, verify that the user or group is listed under the permission you granted to the user or group.

When finished configuring method groups, exit the task by clicking any other resource or task in the administrative console.

Securing WebSphere administrative accounts

Ability to administer WebSphere Application Server after it has been secured is governed by a Web application. You can set up an initial account and additional administrative accounts to access the secured product. See the information about administrative accounts for details and instructions.

Setting permissions to authenticiate against local and domain registries (Windows)

WebSphere Application Server security supports authentication both against the domain registry and the local registry of a supported, Windows-based machine. The administrator can force authentication against the local registry by setting permissions appropriately.

If a machine is part of a Windows domain, when a user authenticates to WebSphere Application Server security, the user is first authenticated against the domain registry. If that fails, the user is authenticated against the local operating system registry.

If the user exists in both the local and domain registries, and authorization has been granted to the local user, it becomes necessary to qualify the user name when logging on to WebSphere security.

For an example of the implications of setting permissions, suppose a machine named "LOCAL" belongs to a domain named "DOMAIN." The users "user1" and "user2" exist in both the LOCAL and DOMAIN registries:

  • LOCAL\user1
  • LOCAL\user2
  • DOMAIN\user1
  • DOMAIN\user2

Suppose the WebSphere administrator configures permissions such that the following users can access a WebSphere resource:

  • LOCAL\user1
  • DOMAIN\user2

When user1 logs on to access a resource, he or she must specify LOCAL\user1 (not simply user1) as the user name for successful authentication. When user2 logs on, he or she can specify simply user2.

Go to previous article: Securing applications Go to next article: Default method groups

 

 
Go to previous article: Securing applications Go to next article: Default method groups