Before you begin
Before you perform this task, you should have already completed the steps in the Securing Web applications and Securing EJB applications articles where you created new roles and assigned those roles to EJB and Web resources. Complete these steps during application installation. This is because the environment (user registry) under which the application is running is not known until deployment. If you already know the environment in which the application is running and the user registry that is used, then you can use the Application Assembly Tool (AAT) to assign users and groups to roles. Using the administrative console to assign users and groups to roles is recommended. (The following information applies to authorization using WebSphere bindings. If you've created WebSphere bindings but have specified SAF authorization, the websphere bindings will be ignored.) If SAF authorization is to be used, you must create a SAF EJBROLE profile for each J2EE role in your application, and permit users and groups to that role. Refer to EJBROLES and GEJBROLES for reference.Steps for this task
Results
The ibm-application-bnd.xmi file in the application contains the users and groups to roles mapping table (authorization table).Example
What to do next
After securing an application, use the Application Assembly Tool (AAT). You can install an application using the administrative console.