Console users settings and CORBA naming service user settings: WAS v5.1

Console users settings and CORBA naming service user settings

Use the Console users settings page to give users specific authority to administer WAS.
Console | System Administration | Console Users

Use the CORBA naming service users settings page to manage CORBA naming service users settings.
Console | Environment | Naming | CORBA Naming Service users.

User (Console users)

Specifies users.
The users entered must exist in the configured active user registry.

User (CORBA naming service users)

Specifies CORBA naming service users.
The users entered must exist in the configured active user registry.

Role (Console users)

Specifies user roles.
The following administrative roles provide different degrees of authority needed to perform certain WAS administrative functions...

Administrator

The administrator role has operator permissions, configurator permissions, and the permission required to access sensitive data including server password, LTPA password and keys, and so on.

Configurator

The configurator role has monitor permissions and can change the WAS configuration.

Operator

The operator role has monitor permissions and can change the run-time state. For example, the operator can start or stop services.

Monitor

The monitor role has the least permissions. This role primarily confines the user to viewing the WAS configuration and current state.
Range: Administrator, Configurator, Operator, and Monitor

Role (CORBA naming service users)

Specifies naming service user roles.
A number of naming roles are defined to provide degrees of authority needed to perform certain WebSphere naming service functions. The authorization policy is only enforced when global security is enabled. The following roles are valid: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete.

CosNamingRead

Users can query the WebSphere name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The special-subject EVERYONE is the default policy for this role.

CosNamingWrite

Users can perform write operations such as JNDI bind, rebind, or unbind, plus CosNamingRead operations. The special-subject ALL AUTHENTICATED is the default policy for this role.

CosNamingCreate

Users can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations. The special-subject ALL AUTHENTICATED is the default policy for this role.

CosNamingDelete

Users can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations. The special-subject ALL AUTHENTICATED is the default policy for this role.
Range: CosNamingRead, CosNamingWrite, CosNamingCreate and CosNamingDelete