Administering authorization permissions

Service integration messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions that the role contains. By administering authorization permissions, you can control user access to a bus and its resources when messaging security is enabled.

Before you begin

For guidance on security authorization for a service integration bus, refer to Service integration security planning.

About this task

When a bus is created, a set of default authorization roles is created. Default roles provide authenticated users who have the bus connector role with full access to all local destinations on the bus. By default, only members of the Server group have the bus connector role. If a specific user needs to connect to the bus, you must explicitly add that user to the bus connector role.
You can make changes to authorization permissions when messaging security is enabled or disabled. Any changes that you make when security is disabled do not have any effect until security is enabled, as described in Disabling bus security.
LDAP Registry Tip: When you specify the group authorization permissions, the group distinguished name (DN) must be used. If you specify a common name (CN) for the group name, users in that group do not have the specified authorities. For more details see Stand-alone Lightweight Directory Access Protocol registries.

When security is enabled, by default users cannot connect to a foreign bus. If a specific user needs to connect to a foreign bus, you must explicitly add that user to the foreign bus access list.

Use the following tasks to administer authorization permissions for a bus to meet your security requirements.

Task topic    

Terms of Use | Feedback

Last updated: Oct 20, 2010 7:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-dist&topic=tjr0380_
File name: tjr0380_.html