addUserToDestinationRole command
Use the addUserToDestinationRole command to add a user to the destination roles for a local or foreign bus.
To run the command, use the AdminTask object of the wsadmin scripting client.
The wsadmin scripting client is run from Qshell. For more information, see Configure Qshell to run WebSphere scripts .
Command-line help is provided for service integration bus commands:
- For a list of the available service integration bus security commands in Jython and a brief description of each command, enter the following command at the wsadmin prompt:
print AdminTask.help('SIBAdminBusSecurityCommands')
- For overview help on a given command, enter the following command at the wsadmin prompt:
print AdminTask.help('command_name')
After using the command, save the changes to the master configuration using the following command:
AdminConfig.save()
Purpose
Use the addUserToDestinationRole command grant a user access to local bus destinations for the specified roles. The roles we can specify depend on the type of destination.
Target object
None.
Required parameters
- -type destinationType
- We can specify one of the following destination types:
- Queue
- Port
- TopicSpace
- ForeignDestination
- Alias
The allowed roles for a destination depend on the type of the destination as defined in Administer destination roles.
If you are specifying a destinationType that is either foreignDestination or alias, the foreign bus name specified must be the name of the foreign bus hosting the destination.
If we specify a destinationType of queue or topic, the foreign bus name is ignored. The authorization is granted against the destination in the local bus.
- -bus busName
- The name of the local bus. We can use the listSIBuses command to list the names of existing buses.
- -role roleType
- We can specify one of the following role types, depending on the -type we have specified.
- Sender
- This role type is authorized to send messages to destinations on the local bus.
- Receiver
- This role type is authorized to receive messages from destinations on the local bus.
- Browser
- This role type is authorized to browse messages on destinations on the local bus.
- -user userName
- The name of the user to add to the destination role type for the local bus.
Conditional parameters
None.
Optional parameters
- -foreignBus foreignBusName
- Specify the name of the foreign bus. If we are adding a user to a destination on a foreign destination or an alias, specify the name of the foreign bus that hosts the foreign destination or the alias.
- -uniqueName uniqueName
- This parameter is valid only when used with WAS v7 or later application servers. Do not use it with earlier versions. Specify the name that uniquely defines the user in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the user. We can specify values for both -uniqueName and -user, but you must ensure that they identify the same user. The command does not check that the values match.
Examples
The following example adds a user called User1 to the sender role on a queue type destination called Queue1, on a local bus called Bus1.
Admintask.addUserToDestinationRole ('[-type queue -bus Bus1 -destination Queue1 -role Sender -user User1]')The following example adds a user called User2 to the receiver role on a queue type destination called Queue2, on a local bus called Bus1.
Admintask.addUserToDestinationRole ('[-type queue -bus Bus1 -destination Queue2 -role Receiver -user User2]')
Related concepts
Messaging security Destination security Role-based authorization Temporary bus destinations Bus destinations
Related tasks
Add users and groups to destination roles Add users and groups to temporary destination prefix roles
listGroupsInDestinationRole command addGroupToDestinationRole command removeGroupFromDestinationRole command listUsersInDestinationRole command removeUserFromDestinationRole command Reference topic