Adding users and groups to temporary destination prefix roles

Service integration bus security uses role-based authorization. The messaging engine uses the temporary destination prefix at runtime to determine whether a client application is authorize to create, or send messages to a particular temporary destination. By adding users and groups to temporary destination prefix roles for a selected bus, you can control which users and groups can create temporary destinations, and send messages to them.

Before you begin

The users and groups that you want to add to temporary destination prefix roles must already exist in the user repository.

About this task

By default, the bus security configuration does not contain any temporary destination prefixes. In this task, you use the administrative console Security wizard to first add a new temporary destination prefix, and then add users and groups to the sender role for the new temporary destination prefix. Note that the creator role is assigned by default to the creator of the temporary destination; you cannot use the administrative console to add users and groups to the creator role. By default, members of the All Authenticated group have authority in the creator role for temporary destination prefixes.

Procedure

  1. Log into the administrative console. The Temporary destination prefixes panel lists all the temporary destination prefixes defined for the selected bus. By default, this list is empty.
  2. Click 服務整合 -> 匯流排 -> security_value -> [授權原則] 管理暫時的目的地字首存取角色
  3. Click Add to start the Security wizard:
    1. Define the name of the temporary destination prefix, and identify the users or groups that you want to add to the sender role for the temporary destination prefix:
      Resource
      This field is mandatory. Specify a name for the new temporary destination prefix.
      Users or Groups
      Select either Users or Groups to specify whether you want to grant access roles to users or groups.
      Search pattern
      This field is mandatory. Specify a search string that is matched against user identities or group names in the user repository. Only user identities or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wild card characters are allowed.
      Maximum number of search results to display
      This field is mandatory. Specify the maximum number of user identities or group names you want the administrative console to display.
    2. Click Next. The wizard displays the users or groups in the user repository that match the information that you provided in the previous step.
    3. Select the check boxes for the user identities or group names that you want to assign to the sender role for the temporary destination prefix, and click Next. Note that you cannot assign users and groups to the creator role; it is assigned by default.
    4. Select the Sender icon for each user identity or group name that you want to add to the sender role. 圖示從 這是未指派角色類型的圖示。它是含邊框的空白框。改成這是已指派角色類型的圖示。它在框中含有勾號。 顯示您已新增使用者或群組到資源的存取角色中。
    5. Click Next. A summary of your role type assignments is displayed.
    6. Optional: Click Previous to review and change your role type assignments. Make your changes on the Select role types page, and then click Next. Note that you cannot change the name of the temporary destination prefix.
    7. Click Finish to confirm your assignments. The role type assignments are saved to the master configuration, and the new assignments are displayed in the Temporary destination prefixes panel.
  4. 儲存對主要配置所做的變更。

Results

The selected users, groups, and group members are added to the sender role for the selected temporary destination prefix roles. The Manage access roles panel displays the new access roles.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:16
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjr_dest_prefix_roles_add
檔名:tjr_dest_prefix_roles_add.html