addGroupToDefaultRole command
Use the addGroupToDefaultRole command to add a group to the default roles for a local bus.
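To run the command, use the AdminTask object of the wsadmin scripting client.
The wsadmin scripting client is run from Qshell.
For more information, see Configuring Qshell to run WebSphere scripts using wsadmin scripting.
This command is valid only when it is used with WebSphere® Application Server Version 7.0 or later application servers. Do not use it with earlier versions.
- For a list of the available service integration bus security commands in Jython, and a brief description of each command, enter the following command at the wsadmin prompt: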
print AdminTask.help('SIBAdminBusSecurityCommands')
- For overview help on a given command, enter the following command at the wsadmin prompt:
print AdminTask.help('command_name')
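- After using the command, save your changes to the master configuration by using the following command:
AdminConfig.save()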
Purpose
Use the addGroupToDefaultRole command to grant a group default access to all local bus destinations for the specified roles. Adding a group to the default role does not grant access to local destinations where the inheritance of default access is disallowed. To grant access to a local destination where inheritance is disallowed, you must add the group to a destination role. For more information, see addGroupToDestinationRole command.
You can use this command to define the access control policy for a messaging resource that does not yet exist. This approach ensures that the messaging resource is secure from the moment it is created.
Target object
None.
Required parameters
- -bus busName
- The name of the local bus. You can use the listSIBuses command to list the names of existing buses.
- -role roleType
- The role type to which you want to assign the group. You can assign a group to the following role types:
- Sender
- This role type is authorized to send messages to destinations on the local bus.
- Receiver
- This role type is authorized to receive messages from destinations on the local bus.
- Browser
- This role type is authorized to browse messages on destinations on the local bus.
- Creator
- This role type is authorized to create messages on destinations on the local bus.
- -group groupName
- The name of a group you want to add to default roles for the local bus. You can type a specific group name, or use one of the following specialized group names:
- Server
- This group contains application servers.
- AllAuthenticated
- This group contains authenticated users only.
- Everyone
- This group contains all users. Each user is anonymous.
Conditional parameters
None.
Optional parameters
- -uniqueName uniqueName
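- Specify the name that uniquely defines the group in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the group. You can specify values for both -uniqueName and -group, but you must ensure that they identify the same group. The command does not check that the values match.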
Examples
The following example adds a group with the group name Group1, and the unique name SalesGroup, to the sender role type for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Sender -group Group1 -uniqueName SalesGroup]')
The following example adds the AllAuthenticated group to the browser role for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Browser -group AllAuthenticated]')
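Because the command does not check that -group and -uniqueName identify the same group, the check has to happen before the call. The following is an added example, not part of the original documentation or IBM's code: it validates each grant against the four role types and a registry table, flags grants to Everyone, and only then issues the commands using the Jython list form of the parameters. The names REGISTRY, build_args, review, RecordingAdminTask and apply_grants, and the sample DN, are assumptions made for illustration.

```python
# Added example: constructed data, hypothetical helper names.
ROLES = ("Sender", "Receiver", "Browser", "Creator")

# Constructed sample: group name -> unique name (LDAP DN) as held in the user registry.
REGISTRY = {"Group1": "cn=Group1,ou=groups,dc=example,dc=com"}

def build_args(bus, role, group, unique_name=None):
    """Return the parameter list for addGroupToDefaultRole, or raise ValueError."""
    if role not in ROLES:
        raise ValueError("unknown role type: %s" % role)
    args = ["-bus", bus, "-role", role, "-group", group]
    if unique_name is not None:
        # The command does not check that -group and -uniqueName match, so do it here.
        if REGISTRY.get(group) != unique_name:
            raise ValueError("-uniqueName does not identify group %s" % group)
        args += ["-uniqueName", unique_name]
    return args

def review(grants):
    """Return one warning per grant that opens a default role to all users."""
    warnings = []
    for bus, role, group, _unique in grants:
        if group == "Everyone":
            warnings.append("%s: %s granted to Everyone" % (bus, role))
    return warnings

class RecordingAdminTask:
    """Offline stand-in for wsadmin's AdminTask: records calls instead of making them."""
    def __init__(self):
        self.calls = []
    def addGroupToDefaultRole(self, args):
        self.calls.append(args)

def apply_grants(admin_task, grants):
    """Validate every grant first, then issue the commands; returns the number issued."""
    prepared = [build_args(*grant) for grant in grants]
    for args in prepared:
        admin_task.addGroupToDefaultRole(args)
    return len(prepared)

# Under wsadmin, pass the real AdminTask object and then call AdminConfig.save().
```

Each grant is a (bus, role, group, unique name) tuple, with None as the unique name when only -group is given.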