addGroupToDefaultRole command
Use the addGroupToDefaultRole command to add a group to the default roles for a local bus.
Para executar o comando, utilize o objeto AdminTask do cliente de script wsadmin.
O cliente de script wsadmin é executado do Qshell.
Para obter informações adicionais, consulte Configurando o Qshell para Executar Scripts do WebSphere Usando o Script wsadmin.
Esse comando é válido apenas quando utilizado com servidores de aplicativos WebSphere® Application Server Versão 7.0 ou posterior. Não o utilize com versões anteriores.
- Para obter uma lista dos comandos de segurança do barramento de integração de
serviços disponíveis no Jython e uma breve descrição de cada comando, digite o seguinte
comando no prompt wsadmin:
print AdminTask.help('SIBAdminBusSecurityCommands')
- Para obter ajuda de visão geral sobre um determinado comando, digite o seguinte comando no prompt wsadmin:
print AdminTask.help('command_name')
AdminConfig.save()
Purpose
Use the addGroupToDefaultRole command to grant a group default access to all local bus destinations for the specified roles. Adding a group to the default role does not grant access to local destinations where the inheritance of default access is disallowed. To grant access to a local destination where inheritance is disallowed, you must add the group to a destination role. For more information, see addGroupToDestinationRole command.
You can use this command to define the access control policy for a messaging resource that does not yet exist. This approach ensures that the messaging resource is secure from the moment it is created.
Target object
None.
Required parameters
- -bus busName
- The name of the local bus. You can use the listSIBuses command to list the names of existing buses.
- -role roleType
- The role type to which you want to assign the group. You can assign
a group to the following role types:
- Sender
- This role type is authorized to send messages to destinations on the local bus.
- Receiver
- This role type is authorized to receive messages from destinations on the local bus.
- Browser
- This role type is authorized to browse messages on destinations on the local bus.
- Creator
- This role type is authorized to create messages on destinations on the local bus.
- -group groupName
- The name of a group you want to add to default roles for the local
bus. You can type a specific group name, or use one of the following
specialized group names:
- Server
- This group contains application servers.
- AllAuthenticated
- This group contains authenticated users only.
- Everyone
- This group contains all users. Each user is anonymous.
Conditional parameters
None.
Optional parameters
- -uniqueName uniqueName
- Especifique o nome que define exclusivamente o grupo no registro do usuário. Se um registro do usuário LDAP estiver em uso, o nome exclusivo será o DN (nome distinto) para o grupo. É possível especificar valores para -uniqueName e -group, mas você deve assegurar-se de que eles identifiquem o mesmo grupo. O comando não verifica se os valores correspondem.
Examples
The following example adds a group with the group name Group1, and the unique name SalesGroup, to the sender role type for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Sender -group Group1 uniqueName SalesGroup]')
The following example adds the AllAuthenticated group to the browser role for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Browser -group AllAuthenticated]')