Administer authorization permissions
Service integration messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions that the role contains. By administering authorization permissions, we can control user access to a bus and its resources when messaging security is enabled.
When a bus is created, a set of default authorization roles is created. Default roles provide authenticated users who have the bus connector role with full access to all local destinations on the bus. By default, only members of the Server group have the bus connector role. If a specific user needs to connect to the bus, you must explicitly add that user to the bus connector role.
We can make changes to authorization permissions when messaging security is enabled or disabled.
Changes made when security is disabled do not have any effect until security is enabled.
When specifying group authorization permissions, the group distinguished name (DN) must be used. If we specify a common name (CN) for the group name, users in that group do not have the specified authorities.
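An added example, not part of the product documentation: a pre-flight check over a planned list of role grants that flags group entries not written as a DN, since per the paragraph above those grants would give the group's users no authority. The grant record layout, the sample names, and the rule that a group DN has at least two RDNs are assumptions made for this illustration.

```python
import re

# Attribute type of an RDN: a descriptor (cn, ou, dc, ...) or a numeric OID (RFC 4514).
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_rdns(name):
    """Split a name on unescaped commas; a backslash escapes the next character."""
    parts, buf, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            buf.append(name[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return parts

def is_group_dn(name, min_rdns=2):
    """True if every component is attr=value and there are at least min_rdns
    components (assumption: a bare 'cn=Name' is a CN, not a full group DN)."""
    rdns = split_rdns(name)
    if len(rdns) < min_rdns:
        return False
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not _ATTR.match(attr.strip()) or not value.strip():
            return False
    return True

def audit_grants(grants):
    """Return the group grants whose name is not a DN."""
    return [g for g in grants if g["type"] == "group" and not is_group_dn(g["name"])]

# Constructed sample of planned grants (hypothetical names, not from the page).
PLANNED = [
    {"role": "bus connector", "type": "user", "name": "appuser1"},
    {"role": "bus connector", "type": "group", "name": "Traders"},
    {"role": "destination", "type": "group", "name": "cn=Traders"},
    {"role": "destination", "type": "group", "name": "cn=Traders,ou=Groups,dc=example,dc=com"},
    {"role": "foreign bus", "type": "group", "name": "cn=Ops\\, EU,ou=Groups,dc=example,dc=com"},
]

if __name__ == "__main__":
    for g in audit_grants(PLANNED):
        print("not a DN, grant would have no effect: %s -> %s" % (g["name"], g["role"]))
```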
When security is enabled, by default users cannot connect to a foreign bus. If a specific user needs to connect to a foreign bus, explicitly add that user to the foreign bus access list.
Subtopics
- Administer the bus connector role
- Administer default roles
- Administer destination roles
- Administer foreign bus roles
- Administer temporary destination prefix roles
- Administer topic space root roles
- Administer topic roles
- Remove access roles from unknown users and groups
Related concepts
- Messaging security
- Client authentication on a service integration bus
- Role-based authorization
- Fine-grained administrative security
- Disable bus security
- Enable client SSL authentication
- Secure messages between messaging buses
- Secure access to a foreign bus
- Secure links between messaging engines
- Controlling which foreign buses can link to the bus
- Secure database access
- Secure mediations
- Administer the bus connector role
- populateUniqueNames command
- Secure buses
- Add unique names to the bus authorization policy
- Administer permitted transports for a bus