Console groups and CORBA naming service groups: WAS v5.1

Console groups and CORBA naming service groups

Overview

Use the Console Groups page to give groups authority to administer the WAS. Use the CORBA naming service groups page to manage CORBA Naming Service groups settings.
To view the Console Groups administrative console page, click through...
System Administration | Console Groups

To view the CORBA naming service groups administrative console page, click through...
Environment | Naming | CORBA Naming Service Groups

Settings include...

Console Groups The ALL_AUTHENTICATED and the EVERYONE groups can have the following role privileges: Administrator, Configurator, Operator, and Monitor.

Data type... String
Range... ALL_AUTHENTICATED, EVERYONE

CORBA naming service groups The ALL_AUTHENTICATED group has the following role privileges: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete. The EVERYONE group indicates that the users in this group have CosNamingRead privileges only.

Data type... String
Range... ALL_AUTHENTICATED, EVERYONE

Console group Role Specifies user roles. The following administrative roles provide different degrees of authority needed to perform certain WAS administrative functions...

Administrator The administrator role has operator permissions, configurator permissions, and the permission required to access sensitive data including server password, LTPA password and keys, and so on.

Configurator The configurator role has monitor permissions and can change the WebSphere Application Server configuration.

Operator The operator role has monitor permissions and can change the run-time state. For example, the operator can start or stop services.

Monitor The monitor role has the least permissions. This role primarily confines the user to viewing the WAS configuration and current state.

CORBA naming service group Roles A number of naming roles are defined to provide degrees of authority needed to perform certain WebSphere naming service functions. The authorization policy is only enforced when global security is enabled.
Four name space security roles are available: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete.

CosNamingRead Users can query the WebSphere name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The special-subject EVERYONE is the default policy for this role.

CosNamingWrite Users can perform write operations such as JNDI bind, rebind, or unbind, and CosNamingRead operations. The special-subject ALL_AUTHENTICATED is the default policy for this role.

CosNamingCreate Users can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations. The special-subject ALL_AUTHENTICATED is the default policy for this role.

CosNamingDelete Users can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations. The special-subject ALL_AUTHENTICATED is the default policy for this role.