InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.0: General security properties >
6.6.18.0.8: Properties for Select Users/Groups window

6.6.18.0.8: Properties for Select Users/Groups window

Key:
Property name in the Java-based administrative console Applies to Java administrative console of Advanced Edition Version 4.0
Property name in the Web-based administrative console Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Property name in the application client resource configuration tool Applies to Application Client Resource Configuration Tool

The following three options can be selected in any combination. See below for important usage notes.

Everyone  Property name in the Java-based administrative console
Grants anyone and everyone the access to the role. This choice basically provides no security protection.
All Authenticated Users  Property name in the Java-based administrative console
Grants users who are authenticated access to the resource.
Select Users/Groups  Property name in the Java-based administrative console
Grants users or groups whom you select access to the role.

Generally, it is preferable to grant groups rather than individual users access to a role. It is easier to manage roles mapped to groups because there are typically fewer groups than users, users can be added to or removed from groups outside of WebSphere, and the authorization table has fewer entries, which can improve performance.

Usage notes

  • If "Everyone" is selected then any other selections will be ignored.
  • If "All authenticated users" is selected, but "Everyone" is not, then "Select users/groups" will be ignored.
  • When "Select users/groups" is selected, the search button can be used to select users and groups using a pattern.

    For better performance, avoid using general wildcard search (* for example) if the target registry contains a large number of users or groups. Currently, only the first 1000 users and the first 1000 groups will be displayed. The display name is attached to the security name in the "Available Users/Groups" panel.

Go to previous article: Properties for LDAP support Go to next article: Advanced properties for LDAP support

 

 
Go to previous article: Properties for LDAP support Go to next article: Advanced properties for LDAP support