Administer temporary destination prefix roles

Service integration bus security uses role-based authorization. A temporary destination prefix can have two role types: creator and sender. The messaging engine uses the temporary destination prefix at runtime to determine which users and groups have authority to create a temporary destination, and send messages to temporary destinations. By administering temporary destination prefix roles for a bus, you control which users and groups can create and send messages to temporary destinations for a selected bus.

Ensure that security is enabled for the bus. For more information, refer to Secure buses.

By default, a bus does not contain any temporary destination prefixes. Use console to add a new temporary destination prefix to the bus, and then assign selected users and groups to the sender role for the new temporary destination prefix. The creator role is assigned by default. All authenticated users can create temporary destinations by default. We can remove selected users and groups from the sender role for a selected temporary destination prefix, and we can remove a selected temporary destination prefix.

Subtopics

• Listing users and groups in temporary destination prefix roles
  Service integration bus security uses role-based authorization. Temporary destination prefix roles are used to authorize access to the temporary destinations for a bus. By listing the users and groups in the temporary destination prefix roles for a selected bus, we can find out which users and groups can create temporary destinations, and send messages to temporary destinations for a selected bus.

• Add users and groups to temporary destination prefix roles
  Service integration bus security uses role-based authorization. The messaging engine uses the temporary destination prefix at runtime to determine whether a client application is authorize to create, or send messages to a particular temporary destination. By adding users and groups to temporary destination prefix roles for a selected bus, we can control which users and groups can create temporary destinations, and send messages to them.

• Remove users and groups from temporary destination prefix roles
  Service integration bus security uses role-based authorization. When security is enabled, a temporary destination prefix role is used to authorize access to temporary destinations. The temporary destination prefix is used at runtime to create temporary destinations on the bus. By removing users and groups from temporary destination prefix roles for a selected bus, we can prevent selected users and groups from sending messages to temporary destinations on the bus.

• Remove a temporary destination prefix
  A temporary destination prefix is used by the service integration bus security model to determine what operations the creator of the temporary destination can perform. By removing a temporary destination prefix, you remove the creator role from the identity of the user that created the temporary destination.

Subtopics

• Listing users and groups in temporary destination prefix roles
  Service integration bus security uses role-based authorization. Temporary destination prefix roles are used to authorize access to the temporary destinations for a bus. By listing the users and groups in the temporary destination prefix roles for a selected bus, we can find out which users and groups can create temporary destinations, and send messages to temporary destinations for a selected bus.

• Add users and groups to temporary destination prefix roles
  Service integration bus security uses role-based authorization. The messaging engine uses the temporary destination prefix at runtime to determine whether a client application is authorize to create, or send messages to a particular temporary destination. By adding users and groups to temporary destination prefix roles for a selected bus, we can control which users and groups can create temporary destinations, and send messages to them.

• Remove users and groups from temporary destination prefix roles
  Service integration bus security uses role-based authorization. When security is enabled, a temporary destination prefix role is used to authorize access to temporary destinations. The temporary destination prefix is used at runtime to create temporary destinations on the bus. By removing users and groups from temporary destination prefix roles for a selected bus, we can prevent selected users and groups from sending messages to temporary destinations on the bus.

• Remove a temporary destination prefix
  A temporary destination prefix is used by the service integration bus security model to determine what operations the creator of the temporary destination can perform. By removing a temporary destination prefix, you remove the creator role from the identity of the user that created the temporary destination.

Related concepts

Role-based authorization

Temporary bus destinations

Access role assignments for bus security resources

Related information:

Temporary destination prefixes [Collection]