WebSphere WebSphere Application Server Network Deployment, Version 6.0.x Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Administering authorization permissions

Messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions that the role contains. By administering authorization permissions, you can control user access to a bus and its resources when messaging security is switched on.

You administer authorization permissions using a scripting tool called wsadmin. This tool is described in wsadmin tool. For more information about scripting, see Getting started with scripting. For guidance on the type of changes you may need to make to authorization permissions, refer to Planning your security requirements.
When a bus is created, an initial set of default authorization permissions is created that allows all authenticated users to connect to the bus, and grants them full access to all local destinations on the bus. You can change the default authorization permissions to restrict access to a local bus to a specific set of users. Note that by default, when security is enabled, users to do not have access to a foreign bus. You need to explicitly add a specific user to the foreign bus access list. For details of the task, see Adding users and groups to foreign bus roles.

You can make changes to authorization permissions when messaging security is enabled or disabled. Any changes that you make when security is disabled will not have any effect until security is enabled, as described in Enabling and disabling messaging security.

The following syntax is used for the commands. For details of the command properties, see the topics listed below.
variable
A variable, for which you type a value. The commands use the following variables
  • destinationType
  • busName
  • foreignBusName
  • destinationName
  • topicSpaceName
  • topicName
  • roleName
  • userName
  • groupName
.
<true|false>
A choice of options, from which you type one value (that is, either true or false).

To configure permissions, complete the following steps using the wsadmin tool:

  1. Open a wsadmin command session.
  2. Type the required command.

Use the commands in the topics listed below to configure the authorization permissions for a bus to meet your security requirements.

Related tasks
Enabling and disabling messaging security
Configuring connections
Securing messages between messaging buses
Controlling which messaging engines can connect to a bus
Controlling which foreign buses can link to your bus
Securing database access
Securing mediations

Task topic

Terms of Use | Feedback

Last updated: 5 Oct 2005
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.pmc.nd.doc\tasks\tjr0380_.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)