addGroupToTopicSpaceRootRole command
Use the addGroupToTopicSpaceRootRole command to add a group to topic space roles on the topic space root.
To run the command, use the AdminTask object of the wsadmin scripting client.
The wsadmin scripting client is run from Qshell. For more information, see Configure Qshell to run WebSphere scripts .
This command is valid only when used with WAS v7 or later application servers. Do not use it with earlier versions.
Command-line help is provided for service integration bus commands:
- For a list of the available service integration bus security commands in Jython and a brief description of each command, enter the following command at the wsadmin prompt:
print AdminTask.help('SIBAdminBusSecurityCommands')
- For overview help on a given command, enter the following command at the wsadmin prompt:
print AdminTask.help('command_name')
After using the command, save the changes to the master configuration using the following command:
AdminConfig.save()
Purpose
Use the addGroupToTopicRootSpaceRole command to grant a group permission to access the topic space root in the sender and receiver roles. This is in addition to any access permissions granted to the topics in the topic space. We can use this command to define the access control policy for a topic that does not yet exist. By defining the access control policy first, you ensure that the topic is secure from the moment it is created.
Target object
None.
Required parameters
- -bus busName
- The name of the local bus. We can use the listSIBuses command to list the names of existing buses.
- -topicSpace topicSpaceName
- The name of the topic space.
- -role roleName
- We can specify the Sender or Receiver roles for a topic.
- -group groupName
- The name of the group to add to the Sender or Receiver roles for the topic space root. We can specify a group name, or one of the following specialized group names:
- Server
- This group contains application servers.
- AllAuthenticated
- This group contains authenticated users only.
- Everyone
- This group contains all users. Each user is anonymous.
Conditional parameters
None.
Optional parameters
- -uniqueName uniqueName
- Specify the name that uniquely defines the group in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the group. We can specify values for both -uniqueName and -group, but you must ensure that they identify the same group. The command does not check that the values match.
Examples
The following example adds a group called Group1, and the unique name SalesGroup to the Sender role for the topic space root, for a topic space called Sport, on a local bus called Bus1.
AdminTask.addGroupToTopicSpaceRootRole ('[-bus Bus1 -topicSpace Sport -role Sender -group Group1 uniqueName SalesGroup]')
Related concepts
Messaging security Topic security Role-based authorization
Related tasks
Add users and groups to topic space root roles
listGroupsInTopicSpaceRootRole command removeGroupFromTopicSpaceRootRole command listUsersInTopicSpaceRootRole command addUserToTopicSpaceRootRole command removeUserFromTopicSpaceRootRole command Reference topic