This topic describes how to assign users and groups to roles if you are using WebSphere Application Server authorization for Java 2 Platform, Enterprise Edition (J2EE) roles.
Before you begin
Before you perform this task:
Because the default active user registry is Local OS, it is recommended that you enable security if you want to use the Local OS user registry to assign users and groups to roles. You can enable security after the users and groups are assigned in this case. The advantage of enabling security with the appropriate user registry before proceeding with this task is that you can validate the security setup, which includes checking the user registry configuration, and avoid any problems using the registry.
Why and when to perform this task
These steps are common for both installing an application and modifying an existing application. If the application contains roles, you see the Map security roles to users and groups link during application installation and also during application management, as a link in the Additional properties section.
Steps for this task
Use the limit and the search strings cautiously so as not to overwhelm the user registry. When you use large user registries such as Lightweight Directory Access Protocol (LDAP) where information on thousands of users and groups resides, a search for a large number of users or groups can make the system slow and can make it fail. When more entries exist than requests for entries, a message displays on top of the panel. You can refine your search until you have the required list.
For example, if the user1 user is assigned to the role1 RunAs role and you try to remove the user1 user from the role1 role, the administrative console validation does not delete the user. A user can only be part of a RunAs role if the user is already in a role either directly or indirectly through a group. In this case, the user1 user is in the role1 role. For more information on the validation checks that are performed between RunAs role mapping and user and group mapping to roles, see Assigning users to RunAs roles.
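The RunAs rule described above can be read as an invariant on the role mapping: the RunAs user of a role must stay in that role, directly or through a group. The following is an added example that models the check, not WebSphere code; the `RoleMap` class, its methods, and the group membership data are hypothetical, and letting the removal succeed once a group mapping covers the user is an assumption of the model.

```python
# Added illustration: a simplified model of the RunAs validation rule.
# RoleMap and its methods are hypothetical names, not WebSphere APIs.

class RoleMap:
    def __init__(self, group_members):
        self.group_members = group_members  # registry view: group -> users
        self.users = {}    # role -> users mapped directly
        self.groups = {}   # role -> groups mapped to the role
        self.run_as = {}   # role -> user assigned to the RunAs role

    def map_user(self, role, user):
        self.users.setdefault(role, set()).add(user)

    def map_group(self, role, group):
        self.groups.setdefault(role, set()).add(group)

    def in_role(self, user, role):
        """True if the user holds the role directly or through a group."""
        if user in self.users.get(role, set()):
            return True
        return any(user in self.group_members.get(g, set())
                   for g in self.groups.get(role, set()))

    def assign_run_as(self, role, user):
        if not self.in_role(user, role):
            raise ValueError(f"{user} is not in {role}; cannot be its RunAs user")
        self.run_as[role] = user

    def remove_user(self, role, user):
        """Drop a direct mapping; refuse if the RunAs user would leave the role."""
        remaining = self.users.get(role, set()) - {user}
        via_group = any(user in self.group_members.get(g, set())
                        for g in self.groups.get(role, set()))
        if self.run_as.get(role) == user and not via_group:
            return False  # validation fails, mapping is kept
        self.users[role] = remaining
        return True


def demo():
    m = RoleMap({"group1": {"user1", "user2"}})  # constructed registry data
    m.map_user("role1", "user1")
    m.assign_run_as("role1", "user1")
    blocked = m.remove_user("role1", "user1")      # False: only a direct mapping
    m.map_group("role1", "group1")
    allowed = m.remove_user("role1", "user1")      # True: still in via group1
    return blocked, allowed, m.in_role("user1", "role1")
```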
Result
The user and group information is added to the binding file in the application. This information is used later for authorization purposes.
What to do next
This task is required to assign users and groups to roles, which enables the correct users and groups to access a secured application. If you are installing an application, complete your installation. After the application is installed and running you can access your resources according to the user and group mapping that you did in this task. If you manage applications and modify the users and groups to role mapping, make sure you save, stop, and restart the application so that the changes become effective. Try accessing the J2EE resources in the application to verify that the changes are effective.
Related tasks
Enabling security for all application servers
Securing applications during assembly and deployment