Console groups and CORBA naming service groups
Use the Console Groups page to give groups specific authority to
administer the WebSphere Application Server using tools such as the administrative
console or wsadmin scripting. The authority requirements
are only effective when global security is enabled. Use the CORBA naming service
groups page to manage CORBA Naming Service groups settings.
To view the Console Groups administrative console page, click System
Administration > Console Groups.
To view the CORBA naming service groups administrative console page, click Environment
> Naming > CORBA Naming Service Groups.
- Group (Console groups)
- Specifies groups.
The ALL_AUTHENTICATED and the EVERYONE groups can have the following role
privileges: Administrator, Configurator, Operator, and Monitor.
Data type: |
String |
Range: |
ALL_AUTHENTICATED, EVERYONE |
- Group (CORBA naming service groups)
- Identifies CORBA naming service groups.
The ALL_AUTHENTICATED group has the following role privileges: CosNamingRead,
CosNamingWrite, CosNamingCreate, and CosNamingDelete. The EVERYONE group indicates
that the users in this group have CosNamingRead privileges only.
Data type: |
String |
Range: |
ALL_AUTHENTICATED, EVERYONE |
- Role (Console group)
- Specifies user roles.
The following administrative roles provide different degrees of authority
needed to perform certain WebSphere Application Server administrative functions:
- Administrator
- The administrator role has operator permissions, configurator permissions,
and the permission required to access sensitive data including server password,
LTPA password and keys, and so on.
- Configurator
- The configurator role has monitor permissions and can change the WebSphere
Application Server configuration.
- Operator
- The operator role has monitor permissions and can change the run-time
state. For example, the operator can start or stop services.
- Monitor
- The monitor role has the least permissions. This role primarily confines
the user to viewing the WebSphere Application Server configuration and current
state.
Data type: |
String |
Range: |
Administrator, Configurator, Operator, and Monitor |
- Role (CORBA naming service groups)
- Identifies naming service group roles.
A number of naming roles are defined to provide degrees of authority needed
to perform certain WebSphere naming service functions. The authorization policy
is only enforced when global security is enabled.
Four name space security roles are available: CosNamingRead, CosNamingWrite,
CosNamingCreate, and CosNamingDelete. The names of the four roles are the
same with WebSphere Advanced Edition, Version 4.0.2. However, the roles now
have authority levels from low to high:
- CosNamingRead
- Users can query the WebSphere name space using, for example, the Java
Naming and Directory Interface (JNDI) lookup method. The special-subject EVERYONE
is the default policy for this role.
- CosNamingWrite
- Users can perform write operations such as JNDI bind, rebind, or unbind,
and CosNamingRead operations. The special-subject ALL_AUTHENTICATED is the
default policy for this role.
- CosNamingCreate
- Users can create new objects in the name space through operations such
as JNDI createSubcontext and CosNamingWrite operations. The special-subject
ALL_AUTHENTICATED is the default policy for this role.
- CosNamingDelete
- Users can destroy objects in the name space, for example using the JNDI
destroySubcontext method and CosNamingCreate operations. The special-subject
ALL_AUTHENTICATED is the default policy for this role.
Data type: |
String |
Range: |
CosNamingRead, CosNamingWrite, CosNamingCreate, and
CosNamingDelete |

Administrative console buttons
Administrative console page features
Administrative console scope settings
Administrative console filter settings
Administrative console preference settings
Searchable topic ID:
useccongroup
Last updated: Jun 21, 2007 4:55:42 PM CDT
WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/usec_congroup.html