Service integration bus security uses role-based authorization.
The messaging engine uses the temporary destination prefix at runtime to determine
whether a client application is authorize to create, or send messages to a
particular temporary destination. By adding users and groups to temporary
destination prefix roles for a selected bus, you can control which users and
groups can create temporary destinations, and send messages to them.
Before you begin
The users and groups that you want to add to temporary destination
prefix roles must already exist in the user repository.
About this task
By default, the bus security configuration does not contain any
temporary destination prefixes. In this task, you use the administrative console Security wizard
to first add a new temporary destination prefix, and then add users and groups
to the sender role for the new temporary destination prefix. Note that the
creator role is assigned by default to the creator of the temporary destination;
you cannot use the administrative console to add users and groups to the creator
role. By default, members of the All Authenticated group have authority in
the creator role for temporary destination prefixes.
Procedure
- Log into the administrative console. The Temporary
destination prefixes panel lists all the temporary destination
prefixes defined for the selected bus. By default, this list is empty.
- Click
- Click Add to start the Security wizard:
- Define the name of the temporary destination prefix, and identify
the users or groups that you want to add to the sender role for the temporary
destination prefix:
- Resource
- This field is mandatory. Specify a name for the new temporary destination
prefix.
- Users or Groups
- Select either Users or Groups to
specify whether you want to grant access roles to users or groups.
- Search pattern
- This field is mandatory. Specify a search string that is matched against
user identities or group names in the user repository. Only user identities
or group names that match the search pattern are retrieved, subject to the
maximum number of search results. Wild card characters are allowed.
- Maximum number of search results to display
- This field is mandatory. Specify the maximum number of user identities
or group names you want the administrative console to display.
- Click Next. The wizard displays
the users or groups in the user repository that match the information that
you provided in the previous step.
- Select the check boxes for the user identities or group names
that you want to assign to the sender role for the temporary destination prefix,
and click Next. Note that you cannot assign
users and groups to the creator role; it is assigned by default.
- Select the Sender icon for each user
identity or group name that you want to add to the sender role. The icon changes from
to
to show that you have added the user or group to the access role for the resource.
- Click Next. A summary of
your role type assignments is displayed.
- Click Previous to
review and change your role type assignments. Make your changes
on the Select role types page, and then click Next.
Note that you cannot change the name of the temporary destination prefix.
- Click Finish to confirm your assignments.
The role type assignments are saved to the master configuration,
and the new assignments are displayed in the Temporary destination
prefixes panel.
- Save your changes to the master configuration.
Results
The selected users, groups, and group members are added to the sender
role for the selected temporary destination prefix roles. The Manage
access roles panel displays the new access roles.