Adding users and groups to temporary destination prefix roles

Service integration bus security uses role-based authorization. The messaging engine uses the temporary destination prefix at runtime to determine whether a client application is authorize to create, or send messages to a particular temporary destination. By adding users and groups to temporary destination prefix roles for a selected bus, you can control which users and groups can create temporary destinations, and send messages to them.

Before you begin

The users and groups that you want to add to temporary destination prefix roles must already exist in the user repository.

About this task

By default, the bus security configuration does not contain any temporary destination prefixes. In this task, you use the administrative console Security wizard to first add a new temporary destination prefix, and then add users and groups to the sender role for the new temporary destination prefix. Note that the creator role is assigned by default to the creator of the temporary destination; you cannot use the administrative console to add users and groups to the creator role. By default, members of the All Authenticated group have authority in the creator role for temporary destination prefixes.

Procedure

  1. Log into the administrative console. The Temporary destination prefixes panel lists all the temporary destination prefixes defined for the selected bus. By default, this list is empty.
  2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage temporary destination prefix access roles
  3. Click Add to start the Security wizard:
    1. Define the name of the temporary destination prefix, and identify the users or groups that you want to add to the sender role for the temporary destination prefix:
      Resource
      This field is mandatory. Specify a name for the new temporary destination prefix.
      Users or Groups
      Select either Users or Groups to specify whether you want to grant access roles to users or groups.
      Search pattern
      This field is mandatory. Specify a search string that is matched against user identities or group names in the user repository. Only user identities or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wild card characters are allowed.
      Maximum number of search results to display
      This field is mandatory. Specify the maximum number of user identities or group names you want the administrative console to display.
    2. Click Next. The wizard displays the users or groups in the user repository that match the information that you provided in the previous step.
    3. Select the check boxes for the user identities or group names that you want to assign to the sender role for the temporary destination prefix, and click Next. Note that you cannot assign users and groups to the creator role; it is assigned by default.
    4. Select the Sender icon for each user identity or group name that you want to add to the sender role. The icon changes from This is the role type not assigned icon. It is a clear box with a border. to This is the role type assigned icon. It is a tick in a box. to show that you have added the user or group to the access role for the resource.
    5. Click Next. A summary of your role type assignments is displayed.
    6. Click Previous to review and change your role type assignments. Make your changes on the Select role types page, and then click Next. Note that you cannot change the name of the temporary destination prefix.
    7. Click Finish to confirm your assignments. The role type assignments are saved to the master configuration, and the new assignments are displayed in the Temporary destination prefixes panel.
  4. Save your changes to the master configuration.

Results

The selected users, groups, and group members are added to the sender role for the selected temporary destination prefix roles. The Manage access roles panel displays the new access roles.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 7:16:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-express-iseries&topic=tjr_dest_prefix_roles_add
File name: tjr_dest_prefix_roles_add.html