addGroupToTopicRole command

Use the addGroupToTopicRole command to add a group to a topic role within a specified topic space.

To run the command, use the AdminTask object of the wsadmin scripting client.

The wsadmin scripting client is run from Qshell. For more information, see Configure Qshell to run WebSphere scripts .

This command is valid only when used with WAS v7 or later application servers. Do not use it with earlier versions.

Command-line help is provided for service integration bus commands:

• For a list of the available service integration bus security commands in Jython and a brief description of each command, enter the following command at the wsadmin prompt:

  print AdminTask.help('SIBAdminBusSecurityCommands')

• For overview help on a given command, enter the following command at the wsadmin prompt:

  print AdminTask.help('command_name')

After using the command, save the changes to the master configuration using the following command:

AdminConfig.save()

Purpose

Use the addGroupToTopicRole command to add a group to the sender or receiver roles for a topic anywhere in the topic hierarchy for a local bus. The roles specified for the topic are additional to any roles that the topic inherits from its parent in the topic hierarchy. Use this command to define the access control policy for a topic that does not yet exist. By defining the access control policy first, you ensure that the topic is secure from the moment it is created.

Target object

None.

Required parameters

-bus busName

The name of the local bus. Use the listSIBuses command to list the names of existing buses.

-topicSpace topicSpaceName

The name of the topic space.

-topic topicName

The name of the topic.

-role roleName

We can specify the Sender or Receiver roles for a topic.

-group groupName

The name of the group to add to the sender or receiver roles for a topic. We can specify a group name, or one of the following specialized group names:

Server

This group contains application servers.

AllAuthenticated

This group contains authenticated users only.

Everyone

This group contains all users. Each user is anonymous.

Conditional parameters

None.

Optional parameters

-uniqueName uniqueName

Specify the name that uniquely defines the group in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the group. We can specify values for both -uniqueName and -group, but you must ensure that they identify the same group. The command does not check that the values match.

Examples

The following example adds a group with the group name Group1, and the unique name SalesGroup, to the Sender role for a topic called football, in the topic space called Sport, on a local bus called Bus1.

AdminTask.addGroupToTopicRole ('[-bus Bus1 -topicSpace Sport -topic football -role Sender -group Group1 -uniqueName SalesGroup]')

Related concepts

Messaging security

Topic security

Role-based authorization

Related tasks

Add users and groups to topic roles

listGroupsInTopicRole command

removeGroupFromTopicRole command

listUsersInTopicRole command

addUserToTopicRole command

removeUserFromTopicRole command Reference topic