Service integration bus security uses role-based authorization.
When messaging security and topic-level authorization are enabled, users and
groups must be authorized to access topics in a publish/subscribe topic hierarchy.
By adding users and groups to topic roles, you control access to a topic in
a selected topic space.
Before you begin
- The users and groups you want to add to topic space root roles must exist
in the user repository.
- Topic roles are effective only when the Topic Access Check
Required setting is enabled in the configuration for a topic space.
For more information, see Configuring bus destination properties.
About this task
Topics are organized into one or more hierarchies within a topic space.
If the Topic Access Check Required setting is
enabled for the topic space, a user must have authorization to access the
topic itself. You can add access roles to a topic before it is created at
runtime. A topic inherits access roles from its parent unless you explicitly
block the inheritance. For more information, see
Enabling topic role inheritance.
In this task you use an administrative console wizard to add users or groups
to the sender and receiver roles for a selected topic.
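The inheritance rule described above decides who actually holds a role on a topic, so it is worth modelling before you change assignments. The following Python sketch is an added example, not IBM code or an IBM API. It assumes "/" separates topic levels, that the topic space root acts as the parent of top-level topics, and that a topic's own roles add to the roles it inherits; all user, group and topic names are constructed.

```python
# Added illustration of the inheritance rule above; a model, not IBM code.
# Assumptions: "/" separates topic levels, the topic space root is the parent
# of top-level topics, and a topic's own roles add to the ones it inherits.
from dataclasses import dataclass, field


@dataclass
class TopicSpaceACL:
    access_check_required: bool = True          # "Topic Access Check Required"
    root: dict = field(default_factory=dict)    # role -> principals on the root
    grants: dict = field(default_factory=dict)  # topic -> role -> principals
    blocked: set = field(default_factory=set)   # topics that block inheritance

    def add(self, topic, role, principal):
        # Roles can be added before the topic is created at runtime.
        self.grants.setdefault(topic, {}).setdefault(role, set()).add(principal)

    def effective(self, topic, role):
        """Principals holding `role` on `topic`, following inheritance upward."""
        found, levels = set(), topic.split("/")
        while levels:
            name = "/".join(levels)
            found |= self.grants.get(name, {}).get(role, set())
            if name in self.blocked:            # stop: nothing above applies
                return found
            levels.pop()
        return found | self.root.get(role, set())

    def allowed(self, topic, role, user, groups=()):
        if not self.access_check_required:
            return True  # topic roles not consulted; other checks not modelled
        holders = self.effective(topic, role)
        return user in holders or any(g in holders for g in groups)


def demo():
    """Constructed sample assignments (names are hypothetical)."""
    acl = TopicSpaceACL()
    acl.root["Receiver"] = {"grp-ops"}
    acl.add("stock", "Receiver", "alice")
    acl.add("stock/nyse", "Sender", "feed-svc")
    acl.add("stock/nyse/ibm", "Receiver", "bob")
    acl.blocked.add("stock/nyse/ibm")
    return acl


if __name__ == "__main__":
    acl = demo()
    for user in ("alice", "bob"):
        print(user, acl.allowed("stock/nyse/ibm", "Receiver", user))
```

In the sample data, alice receives on every topic under stock except the one that blocks inheritance, which shows why a role added high in the hierarchy should be reviewed against every topic beneath it.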
Procedure
- Log in to the administrative console.
- Click .
The Topic space root panel lists
the users and groups that are assigned to role types for the selected topic.
- Click Add to start the Security wizard:
- Provide the following information to enable the wizard to identify
the users or groups that you want to add to role types for the selected topic:
- Resource
- Specify the name of the topic.
- Users or Groups
- Select either Users or Groups to
specify whether you want to grant access roles to users or groups.
- Search pattern
- This field is mandatory. Specify a search string that is matched against
user IDs or group names in the user repository. Only user IDs or group names
that match the search pattern are retrieved, subject to the maximum number
of search results. Wildcard characters are allowed.
- Maximum number of search results to display
- This field is mandatory. Specify the maximum number of user IDs or group
names you want the administrative console to display.
- Click Next. The wizard lists
the user IDs or group names that match the information that you provided
in the previous step.
- Select the check boxes for the user IDs or group names that
you want to assign to roles for the selected topic.
- Click Next. The wizard lists
the topic role types that you can assign for the users or groups you selected
in the previous step. Role types might already have been assigned for a specific
user or group.
- Select the role types for each of the selected users or groups.
For example, to assign a user ID to the sender role, select the Sender icon
for that user ID. The icon changes from
to
to show that you have added the user or group to the access role for the resource.
- Click Next. A summary of
your role type assignments for the selected topic is displayed.
- If you want to change your assignments,
click Previous to return to the Select role
types step. Make changes to your assignments, and click Next to
return to the Confirm step.
- Click Finish to confirm your assignments
and save your changes to the master configuration.
Results
The updated role type assignments for the selected users or groups
are displayed in the Topic access roles panel.