Administering destination roles

Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups must have authority to undertake messaging operations, at a bus destination. By administering destination roles, you can control which users and groups can undertake operations at a bus destination, and the types of operations that they can perform.

About this task

You use the administrative console to administer users and groups in access roles for a destination. The access roles available for a destination depend on the type of destination. The table below lists the roles that you can assign for each destination type:
Table 1. Destination roles
Destination type Access roles
queue sender, receiver, browser, creator
port sender, receiver, browser, creator
webService sender, receiver, browser, creator
topicSpace sender, receiver
foreignDestination sender
alias sender, receiver, browser
In addition to controlling which users and groups have access to a specific local or foreign destination, you can also control the inheritance of access roles for a specific local destination. In this case, the default access roles that apply to all the destinations in the local bus namespace are added to any access roles that have been added for a specific destination.

Use the following tasks to administer destination roles.

What to do next

  • Listing users and groups in destination roles

    Service integration bus security uses role-based authorization. By listing the users and groups in the destination roles for a selected secured bus, you can find out which users and groups are authorized to access the bus, and its resources.

  • Adding users and groups to destination roles

    Service integration bus security uses role-based authorization. By adding users and groups to the destination roles for a secured bus, you can control which users and group members can undertake messaging operations at a bus destination.

  • Removing users and groups from destination roles

    Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, you can prevent those users and group members from performing messaging operations on the bus.

  • Restoring default inheritance for a destination

    Service integration bus security uses role-based authorization. By default, all local destinations inherit access roles from the default resource. If default inheritance has been previously overridden, you can restore it for a selected destination.

  • Overriding inheritance from the default resource for a destination

    Service integration bus security uses role-based authorization. By default, local destinations can inherit access roles from the default resource. If you do not want users and groups in the default access role to access a particular destination, you can override default inheritance for a selected destination.

Task topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=tjr0110_
File name: tjr0110_.html