Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure Service integration > Secure service integration > Administer authorization permissions
Administer destination roles
Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups must have authority to undertake messaging operations, at a bus destination. By administering destination roles, you can control which users and groups can undertake operations at a bus destination, and the types of operations that they can perform.
You use the admin console to administer users and groups in access roles for a destination. The access roles available for a destination depend on the type of destination. The table below lists the roles that you can assign for each destination type:
In addition to controlling which users and groups have access to a specific local or foreign destination, you can also control the inheritance of access roles for a specific local destination. In this case, the default access roles that apply to all the destinations in the local bus namespace are added to any access roles that have been added for a specific destination.
Destination roles. The first column of the table contains the list of destination types. The second column contains the access roles that can be assigned for the destination types.
Destination type Access roles queue sender, receiver, browser, creator port sender, receiver, browser, creator webService sender, receiver, browser, creator topicSpace sender, receiver foreignDestination sender alias sender, receiver, browser Use the following tasks to administer destination roles.
- listGroupsInDestinationRole command
- addGroupToDestinationRole command
- removeGroupFromDestinationRole command
- listUsersInDestinationRole command
- addUserToDestinationRole command
- removeUserFromDestinationRole command
- Define destination defaults inheritance by using wsadmin
- Determine destination defaults inheritance by using wsadmin
- List users and groups in destination roles
Service integration bus security uses role-based authorization. By listing the users and groups in the destination roles for a selected secured bus, you can find out which users and groups are authorized to access the bus, and its resources.
- Add users and groups to destination roles
Service integration bus security uses role-based authorization. By adding users and groups to the destination roles for a secured bus, you can control which users and group members can undertake messaging operations at a bus destination.
- Remove users and groups from destination roles
Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, you can prevent those users and group members from performing messaging operations on the bus.
- Restore default inheritance for a destination
Service integration bus security uses role-based authorization. By default, all local destinations inherit access roles from the default resource. If default inheritance has been previously overridden, you can restore it for a selected destination.
- Ovveride inheritance from the default resource for a destination
Service integration bus security uses role-based authorization. By default, local destinations can inherit access roles from the default resource. If you do not want users and groups in the default access role to access a particular destination, you can override default inheritance for a selected destination.
Destination security
Topic security
Role-based authorization
Messaging security
Bus destinations
Configure bus destinations
Create a queue for point-to-point messaging
Administer foreign bus roles
Administer access to foreign destinations
Related
Access role assignments for bus security resources
Destinations access roles [Collection]