addGroupToDefaultRole command

Use the addGroupToDefaultRole command to add a group to the default roles for a local bus. To run the command, use the AdminTask object of the wsadmin scripting client.

This command is valid only when used with WAS V7.0 appservers. Do not use it with earlier versions. Command-line help is provided for service integration bus commands:

• For a list of the available service integration bus security commands in Jython and a brief description of each command, enter the following command at the wsadmin prompt:

  print AdminTask.help('SIBAdminBusSecurityCommands')

• For overview help on a given command, enter the following command at the wsadmin prompt:

  print AdminTask.help('command_name')

After using the command, save the changes to the master configuration; for example, by using the following command:

AdminConfig.save()

 

Purpose

Use the addGroupToDefaultRole command to grant a group default access to all local bus destinations for the specified roles. Adding a group to the default role does not grant access to local destinations where the inheritance of default access is disallowed. To grant access to a local destination where inheritance is disallowed, add the group to a destination role. For more information, see addGroupToDestinationRole.

You can use this command to define the access control policy for a messaging resource that does not yet exist. This approach ensures that the messaging resource is secure from the moment it is created.

 

Target object

None.

 

Required parameters

-bus busName

The name of the local bus. Use the listSIBuses command to list the names of existing buses.

-role roleType

The role type to which you want to assign the group. We can assign a group to the following role types:

Sender

This role type is authorized to send messages to destinations on the local bus.

Receiver

This role type is authorized to receive messages from destinations on the local bus.

Browser

This role type is authorized to browse messages on destinations on the local bus.

Creator

This role type is authorized to create messages on destinations on the local bus.

-group groupName

The name of a group you want to add to default roles for the local bus. We can type a specific group name, or use one of the following specialized group names:

Server

This group contains appservers.

AllAuthenticated

This group contains authenticated users only.

Everyone

This group contains all users. Each user is anonymous.

 

Conditional parameters

None.

 

Optional parameters

-uniqueName uniqueName

Specify the name that uniquely defines the group in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the group. We can specify values for both -uniqueName and -group, but verify they identify the same group. The command does not check that the values match.

 

Example

The following example adds a group with the group name Group1, and the unique name SalesGroup, to the sender role type for a bus called Bus1.

AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Sender -group Group1 uniqueName SalesGroup]')

The following example adds the AllAuthenticated group to the browser role for a bus called Bus1.

AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Browser -group AllAuthenticated]')

   

---

Last updated Nov 10, 2010 8:23:07 PM CST