Service integration bus security uses role-based authorization.
By adding users and groups to the destination roles for a secured bus, you
can control which users and group members can undertake messaging operations
at a bus destination.
Before you begin
Ensure that the following conditions are met:
- Security is enabled for the bus. For more information, see Securing buses.
- The users and groups that you want to add to destination roles must exist
already in the user repository.
About this task
By adding users or groups to the destination role, you grant the users
or groups authority to undertake the operation defined by the role at a selected
destination. The destination roles are sender, receiver, browser, and creator,
depending on the destination type.
In this task you use the administrative
console Security wizard to retrieve selected users or groups from the user
repository, and add them to destination roles for selected bus destinations.
Tip: To add a large number of users to destination roles, it is advisable
to create a group in the user repository, and add the group to the destination
roles.
Procedure
1. Start the administrative console.
2. Click .
   A list of the destinations defined for the selected bus is displayed in the Destinations panel.
3. Select one or more destinations to work with:
   - Click a single destination name.
   - Select the check boxes next to multiple destination names, and then click Manage Access Roles.
   The Destination access roles panel is displayed. The information for each destination you have selected is displayed in a collapsed section.
4. Expand a destination header to list the users and groups that have been assigned to roles for this destination. You can verify that the user or group you want to add does not already have a role at this destination.
5. Click Add to start the Security wizard. The wizard takes you through the following steps to add selected users or groups to access roles for the expanded destination:
   a. Search for the users or groups that you want to add to access roles for the expanded destination:
      - Users or Groups: Select either Users or Groups to specify whether you want to grant access roles to users or groups.
      - Search pattern: This field is mandatory. Specify a search string that is matched against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wildcard characters are allowed.
      - Maximum number of search results to display: This field is mandatory. Specify the maximum number of user IDs or group names you want the administrative console to display.
   b. Click Next. The wizard displays the users or groups in the user repository that match the information that you provided in the previous step.
   c. Select the check boxes next to the user IDs or group names that you want to add to access roles for the currently expanded destination, and click Next. A list of user IDs or group names that you can add to destination roles is displayed. Note that some users or groups might already be assigned to access roles for this destination.
   d. Select the appropriate access role icon for the user ID or group name that you want to add to the role at this destination. For example, select the Receiver icon for a user ID or group name that you want to add to the receiver role. The icon changes to show that you have added the user or group to the access role for the resource.
   e. Repeat the previous step to add more users or groups to access roles for the currently expanded destination, and then click Next. A summary of your access role assignments is displayed.
   f. Click Previous to review and change your assignments, if required.
   g. Click Finish to confirm your assignments.
6. Repeat steps 4 and 5 for each destination you want to work with.
7. Save your changes to the master configuration.
Results
The selected users and groups are added to the access roles for the
currently expanded destination. The new access role assignments are displayed
in the Destination access roles panel.
Example
A group called MyGroup receives messages from three queues, Queue
1, Queue 2, and Queue 3. If you want the group MyGroup to produce and consume
messages at an additional destination, Queue 4, you add MyGroup to Queue 4,
and then add MyGroup to the sender and receiver roles for Queue 4.
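The same assignment scripted for wsadmin, as an added example that is not part of the original page and is not IBM's code: it plans only the grants that are missing, then issues one command per grant. The command names `addGroupToDestinationRole` and `addUserToDestinationRole`, their parameters, the `queue` type value and the bus name `MyBus` do not appear on this page and are assumptions to check against the command reference for your release.

```python
# Added example. Runs under wsadmin Jython and under standard Python.
# Assumption: AdminTask exposes addGroupToDestinationRole and
# addUserToDestinationRole taking the parameters built in wsadmin_args().
ROLES = ("Sender", "Receiver", "Browser", "Creator")  # roles named on this page

def plan_grants(existing, desired):
    """Return the desired grants that are not already assigned, in order.

    A grant is a tuple (kind, principal, destination, role), where kind is
    "user" or "group". This mirrors the console step of expanding a
    destination to confirm the principal does not already hold the role.
    """
    have = set(existing)
    plan = []
    for grant in desired:
        kind, principal, destination, role = grant
        if kind not in ("user", "group"):
            raise ValueError("kind must be user or group: %r" % (kind,))
        if role not in ROLES:
            raise ValueError("unknown destination role: %r" % (role,))
        if grant not in have:
            have.add(grant)  # also drops duplicates inside `desired`
            plan.append(grant)
    return plan

def wsadmin_args(bus, dest_type, grant):
    """Build the argument list for one grant (list form keeps spaces intact)."""
    kind, principal, destination, role = grant
    return ["-type", dest_type, "-bus", bus, "-destination", destination,
            "-role", role, "-" + kind, principal]

def apply_grants(admin_task, bus, dest_type, grants):
    """Issue one command per grant; admin_task is wsadmin's AdminTask object."""
    issued = []
    for grant in grants:
        args = wsadmin_args(bus, dest_type, grant)
        if grant[0] == "group":
            admin_task.addGroupToDestinationRole(args)
        else:
            admin_task.addUserToDestinationRole(args)
        issued.append(args)
    return issued

# Constructed sample data following the Example section: MyGroup already
# receives from Queue 1 to 3 and needs sender and receiver on Queue 4.
EXISTING = [("group", "MyGroup", "Queue %d" % n, "Receiver") for n in (1, 2, 3)]
DESIRED = EXISTING + [("group", "MyGroup", "Queue 4", "Sender"),
                      ("group", "MyGroup", "Queue 4", "Receiver")]
PLAN = plan_grants(EXISTING, DESIRED)
```

Inside a wsadmin session, `apply_grants(AdminTask, "MyBus", "queue", PLAN)` followed by `AdminConfig.save()` corresponds to finishing the wizard and saving to the master configuration.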
What to do next
Use the administrative console to complete other security administrative
tasks.