[Version 5.0.2]Adding users and groups to roles using the Application Assembly Tool

Before you begin

Before you perform this task, you should have already completed the steps in the Securing Web applications and Securing EJB applications articles where you created new roles and assigned those roles to EJB and Web resources. Complete these steps during application installation. This is because the environment (user registry) under which the application is running is not known until deployment. If you already know the environment in which the application is running and the user registry that is used, then you can use the Application Assembly Tool (AAT) to assign users and groups to roles. Using the administrative console to assign users and groups to roles is recommended. (The following information applies to authorization using WebSphere bindings. If you've created WebSphere bindings but have specified SAF authorization, the websphere bindings will be ignored.) If SAF authorization is to be used, you must create a SAF EJBROLE profile for each J2EE role in your application, and permit users and groups to that role. Refer to EJBROLES and GEJBROLES for reference.

Steps for this task

  1. Open the application file. Open the application file by clicking File > Open. Browse and select the application file.
  2. Open the application folder.
  3. Click Security Roles.
  4. Click the Bindings tab on the right hand side panel.
  5. Select a role from the right navigation top panel.
  6. Add a group to role by clicking Add under Groups and type in a group name. Click OK. Repeat this operation to add more groups.
  7. Add a user to a role by clicking Add under Users. Type a user name and click OK. Repeat this operation to add more users.
  8. Add a special subject (All authenticated users or Everyone) to a role. Click Add under Special Subjects and select All authenticated users or Everyone as required. Click OK. When All authenticated users or Everyone special subjects is assigned to a role, you can skip steps 6 and 7 for that role.
  9. Repeat steps 5 through 8 for all the roles.
  10. Click Apply when done.

Results

The ibm-application-bnd.xmi file in the application contains the users and groups to roles mapping table (authorization table).

Example

What to do next

After securing an application, use the Application Assembly Tool (AAT). You can install an application using the administrative console.

Related concepts
Web component security
Role-based authorization
EJBROLES and GEJBROLES
Related reference
Security: Resources for learning



Searchable topic ID:   tsecaddusers
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_addusers.html

Library | Support | Terms of Use | Feedback