Service integration bus security uses role-based authorization.
The messaging engine uses the temporary destination prefix at runtime
to determine whether a client application is authorized to create,
or send messages to a particular temporary destination. By adding
users and groups to temporary destination prefix roles for a selected
bus, you can control which users and groups can create temporary destinations,
and send messages to them.
Before you begin
The users and groups that you want to add to temporary destination
prefix roles must already exist in the user repository.
About this task
By default, the bus security configuration does not contain
any temporary destination prefixes. In this task, you use the administrative
console Security wizard to first add a new temporary
destination prefix, and then add users and groups to the sender role
for the new temporary destination prefix. Note that the creator role
is assigned by default to the creator of the temporary destination;
you cannot use the administrative console to add users and groups
to the creator role. By default, members of the All Authenticated
group have authority in the creator role for temporary destination
prefixes.
Procedure
- Log into the administrative console. The Temporary
destination prefixes panel lists all the temporary destination
prefixes defined for the selected bus. By default, this list is empty.
- Click
- Click Add to start the Security wizard:
- Define the name of the temporary destination prefix,
and identify the users or groups that you want to add to the sender
role for the temporary destination prefix:
- Resource
- This field is mandatory. Specify a name for the new temporary
destination prefix.
- Users or Groups
- Select either Users or Groups to
specify whether you want to grant access roles to users or groups.
- Search pattern
- This field is mandatory. Specify a search string that is matched
against user identities or group names in the user repository. Only
user identities or group names that match the search pattern are retrieved,
subject to the maximum number of search results. Wild card characters
are allowed.
- Maximum number of search results to display
- This field is mandatory. Specify the maximum number of user identities
or group names you want the administrative console to display.
- Click Next. The wizard
displays the users or groups in the user repository that match the
information that you provided in the previous step.
- Select the check boxes for the user identities or group
names that you want to assign to the sender role for the temporary
destination prefix, and click Next. Note
that you cannot assign users and groups to the creator role; it is
assigned by default.
- Select the Sender icon for each
user identity or group name that you want to add to the sender role. The icon
changes to show that you have added the user or group to the access role
for the resource.
- Click Next. A summary
of your role type assignments is displayed.
- Optional: Click Previous to
review and change your role type assignments. Make your
changes on the Select role types page, and then
click Next. Note that you cannot change the
name of the temporary destination prefix.
- Click Finish to confirm your
assignments. The role type assignments are saved to the
master configuration, and the new assignments are displayed in the Temporary
destination prefixes panel.
- Save your changes to the master configuration.
Results
The selected users, groups, and group members are added to
the sender role for the selected temporary destination prefix roles.
The
Manage access roles panel displays the new
access roles.