WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Mapping users to roles

Use this page to specify the users and groups that are mapped to the security roles that are used with the enterprise application.

To view this administrative console page, click Application > Install new application.

While using the Install New Application Wizard, prompts appear to help you map security roles to users. You also can configure security roles to user mappings of deployed applications. Different roles can have different security authorizations. Mapping users or groups to a role authorizes those users or groups to access applications defined by the role. Users, groups, and roles are defined when an application is installed or configured.

You also can select role to user and group mappings while you are deploying applications. After deployment, click Map security roles to users/groups under Additional properties to change user and group mappings to a role.

Look up users

Enables the server to locate the users that you can define for a particular security role.

Select the check box beside the role and click Look up users. Complete the Limit and the Search string fields. The Limit field contains the number of entries that the search function returns. The Search string field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. You can either increase the limit or refine the search pattern to get all the entries.

Look up groups

Enables the server to locate the groups that you can define for a particular security role.

Select the check box beside the role and clickLook up groups. Complete the Limit and the Search string fields. The Limit field contains the number of entries that the search function returns. The Search stringu field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. You can either increase the limit or refine the search pattern to get all the entries.

Configuration tab

Role

Specifies user roles.

A number of administrative roles are defined to provide degrees of authority needed to perform certain WebSphere administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when global security is enabled. These administrative roles are defined during the application assembly stage. For more information on the assembly tools supported by WebSphere Application Server, see "Assembly tools".

Everyone?

Specifies whether to map the roles to everyone. Mapping a role to everyone means that anyone can access resources protected by this role, and essentially, there is no security.

All authenticated?
Mapped users

Lists the users that are mapped to the specified role within this application.

Mapped groups

Lists the groups that are mapped to this specified role within this application.




Related concepts
Assembly tools

Related reference
Mapping RunAs roles to users collection

Reference topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/usec_tselugrad.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)