Administer topic roles

Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access a topic in a publish/subscribe topic hierarchy. By adding and removing users and groups in topic roles, we can control access to the topic.

Use console to list, add and remove users and groups in the sender and receiver roles, and to define topic role inheritance. By default, a child topic inherits its topic roles from its parent topic. We can change the default roles for a particular topic by adding or removing topic roles at the topic level. We can also allow or block inheritance of topic roles at topic level.

We can add access roles for a topic before it exists. Topics are created at runtime only, and exist only for as long as they are active.

Subtopics

• Listing users and groups in topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access topics in a publish/subscribe topic hierarchy. By listing the users and groups that are members of topic roles for a selected topic, we can find out who has authority to send messages to and from the topic.

• Add users and groups to topic roles
  Service integration bus security uses role-based authorization. When messaging security, and topic level authorization is enabled, users and groups must be authorized to access topics in a publish/subscribe topic hierarchy. By adding users and groups to topic roles, you control access to a topic in a selected topic space.

• Remove users and groups from topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, and the Topic access check required setting is enabled for the topic space, users and groups require authority to access a topic in the topic space. By removing users and groups from all topic roles for a selected topic, you prevent them from accessing the topic.

• Enable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, and users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If topic role inheritance has been disabled for a particular topic, we can restore it using the console.

• Disable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If we do not want topics to inherit topic roles from the parent topic in the topic hierarchy, we can override topic role inheritance using the console.

Subtopics

• Listing users and groups in topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access topics in a publish/subscribe topic hierarchy. By listing the users and groups that are members of topic roles for a selected topic, we can find out who has authority to send messages to and from the topic.

• Add users and groups to topic roles
  Service integration bus security uses role-based authorization. When messaging security, and topic level authorization is enabled, users and groups must be authorized to access topics in a publish/subscribe topic hierarchy. By adding users and groups to topic roles, you control access to a topic in a selected topic space.

• Remove users and groups from topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, and the Topic access check required setting is enabled for the topic space, users and groups require authority to access a topic in the topic space. By removing users and groups from all topic roles for a selected topic, you prevent them from accessing the topic.

• Enable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, and users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If topic role inheritance has been disabled for a particular topic, we can restore it using the console.

• Disable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If we do not want topics to inherit topic roles from the parent topic in the topic hierarchy, we can override topic role inheritance using the console.

Related concepts

Role-based authorization

Topic security

Related tasks

Create a topic space for publish/subscribe messaging

Configure bus destinations

Access role assignments for bus security resources

Related information:

Topics [Collection]