Service integration messaging security uses role-based
authorization. When a user is assigned to a role, the user is granted
all of the permissions that the role contains. By administering authorization
permissions, you can control user access to a bus and its resources
when messaging security is enabled.

About this task

When a bus is created, a set of default authorization roles is created. Default roles provide authenticated users who have the bus connector role with full access to all local destinations on the bus. By default, only members of the Server group have the bus connector role. If a specific user needs to connect to the bus, you must explicitly add that user to the bus connector role.

You can make changes to authorization permissions when messaging security is enabled or disabled. Any changes that you make when security is disabled do not have any effect until security is enabled, as described in Disabling bus security.

LDAP Registry Tip: When you specify the group authorization permissions, the group distinguished name (DN) must be used. If you specify a common name (CN) for the group name, users in that group do not have the specified authorities. For more details, see Standalone Lightweight Directory Access Protocol registries.
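
Because a group entered by common name is accepted but grants nothing, it helps to review group names before or after assigning them to bus roles. The following check is an added example, not IBM code: the function names and the sample group names are constructed for illustration, and treating a single-component name such as `cn=mqusers` as suspect is an assumption of this example.

```python
import re

# Attribute type: a descriptor (cn, ou, dc, ...) or a numeric OID, per RFC 4514.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def classify_group_name(name):
    """Return 'dn', 'single-rdn' or 'not-a-dn' for a group name string."""
    rdns = split_unescaped(name.strip(), ",")
    for rdn in rdns:
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDNs use '+'
            attr, eq, value = ava.strip().partition("=")
            if not eq or not _ATTR.match(attr.strip()) or not value.strip():
                return "not-a-dn"
    return "dn" if len(rdns) > 1 else "single-rdn"

def audit_groups(names):
    """Map each name that is not a multi-component DN to its classification."""
    return {n: c for n in names if (c := classify_group_name(n)) != "dn"}

# Constructed sample: group names as an administrator might have entered them.
SAMPLE_GROUPS = [
    "cn=mqusers,ou=groups,dc=example,dc=com",
    "mqusers",
    "cn=mqusers",
    "cn=Ops\\, EMEA,ou=groups,dc=example,dc=com",
]

if __name__ == "__main__":
    for name, verdict in audit_groups(SAMPLE_GROUPS).items():
        print(f"{verdict:11} {name}")
```

A name that passes this syntax check can still be wrong; confirm it against the registry entry for the group.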

When security is enabled, by default users cannot connect to a foreign bus. If a specific user needs to connect to a foreign bus, you must explicitly add that user to the foreign bus access list.

Use the following tasks to administer authorization permissions for a bus to meet your security requirements.