Security role to user and group selections
Use this page to select users and groups for security roles.
To view this administrative console page, click Application > Install New Application.
While using the Install New Application Wizard, prompts appear to help you map security roles to users. You also can configure security roles to user mappings of deployed applications. Different roles can have different security authorizations. Mapping users or groups to a role authorizes those users or groups to access applications defined by the role. Users, groups and roles are defined when an application is installed or configured.
You also can select role to user and group mappings while you are deploying applications. After deployment in Additional Properties, click Map Security roles to users to change user and group mappings to a role.
- Look up users
Specifies whether the server looks up selected users.
Choose the role by selecting the check box beside the role and clicking Lookup users. Complete the Limit and the Pattern fields. The Limit field contains the number of entries that the search function returns. The Pattern field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. We can either increase the limit or refine the search pattern to get all the entries.
- Look up groups
Specifies whether the server looks up selected groups.
Choose the role by selecting the check box beside the role and clicking Lookup groups. Complete the Limit and the Pattern fields. The Limit field contains the number of entries that the search function returns. The Pattern field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. We can either increase the limit or refine the search pattern to get all the entries.
Configuration tab
- Role
Specifies user roles.
A number of administrative roles are defined to provide degrees of authority needed to perform certain WebSphere administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when global security is enabled. The following roles are valid:
- Monitor
- This role is the least privileged. A user can view the server configuration and its current state.
- Configurator
- This role has the monitor privilege plus the ability to change the server configuration.
- Operator
- This role has the monitor privilege plus the ability to change the run-time state, such as starting or stopping services
- Administrator
- This role has the operator privileges plus the configurator privileges.
Range Monitor, Configurator, Operator, Administrator - Everyone
Specifies to authenticate everyone.
Range Monitor, Configurator, Operator, Administrator - All authenticated
Range Monitor, Configurator, Operator, Administrator - Mapped users
- Mapped groups