Add users and groups in the bus connector role

Service integration bus security uses role-based authorization. By adding users and groups to the bus connector role for a secured bus, we can control which users and group members have access to the bus and its resources.

• Ensure that security is enabled for the bus. For more information, refer to Secure buses.

• The users and groups to add to the bus connector role must exist already in the user repository.

Add users and groups to the bus connector role enables them to connect to the bus to carry out messaging operations. We can add a user directly to the bus connector role, or indirectly by adding a group to which the user belongs. We can also add special groups of users. There are three special groups:

Server

The server identity is a WAS . We cannot specify the Server group for a JMS message-driven bean (MDB).

All Authenticated

This group comprises all user identities that authenticate successfully to the bus.

Everyone

The user identities in this group are anonymous, and connect to the bus without security authentication.

Tips:

• If the user registry is an LDAP registry, use the group distinguished name (DN) when specified a group name to add to a bus connector role. Using the common name (CN) causes problems in security authorization. For more information, refer to Service integration bus security: Troubleshooting tips and Standalone Lightweight Directory Access Protocol registries.

• If we attempt to add a user or a group that is already a member of the bus connector role, a warning message is displayed.

In this task you use an console wizard to add groups and users to the bus connector role for a selected local bus.

1. Log into the console.

2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Users and groups in the bus connector role. A list of the users and groups already in the bus connector role for the selected bus is displayed. By default, the list is empty for a new bus.

3. Click New to start the Security Resource Wizard.

4. Choose whether to add groups or users:

   • To add a special group, select The built-in special groups option.

   • To add other groups or users in the user repository, select the appropriate option, and complete the following mandatory fields:

     Search pattern

     Specify a string to match against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. We can specify wildcard characters.

     Maximum number of search results to display

     Specify the maximum number of user IDs or group names to display.

5. Click Next to display a list of groups or users.

6. Select the names of the groups or users to add to the bus connector role, and click Next.

7. Click Finish to confirm you choices.

8. Save the changes to the master configuration.
   

Results

The selected users and groups are added to the bus connector role for the selected bus.

Related concepts

Messaging security

Role-based authorization

Access role assignments for bus security resources

addGroupToBusConnectorRole command

addUserToBusConnectorRole command

Related information:

Listing users and groups in the bus connector role

Remove users and groups from the bus connector role

Add a user or group to the bus connector role [Settings]