Map security roles to users or groups collection for SCA composites
Use this page to view and manage mappings of security roles to users and groups used with the Service Component Architecture (SCA) composites. To view this console page, click Applications > Application Types > Business-level applications > application_name > deployed_asset_composition_unit_name > Map security roles to users or groups. This page is the same as the Map security roles to users or groups page in the Create new business-level application wizard. To view this page, the composition unit must support SCA security.
Different roles can have different security authorizations. Mapping users or groups to a role authorizes those users or groups to access applications defined by the role. Users, groups, and roles are defined when an application is installed or configured.
To map a role to a user or group, enable the Select check box for the role name in the list and click a button. On the displayed page, specify one or more users or groups to map to the role.
Button Resulting action Map Users Displays the Map users or groups page on which we can specify the users to have the selected security role. Map Groups Displays the Map users or groups page on which we can specify the groups to have the selected security role. Map Special Subjects Maps special subjects according to the option selected: None specifies to map none of the special subjects to the role.
All Authenticated in Application's Realm specifies to map all of the authenticated users to a specified role. When you map all authenticated users to a specified role, all of the valid users in the current registry who have been authenticated can access resources that are protected by this role.
All Authenticated in Trusted Realms specifies to map all of the authenticated users in the trusted realms to a specified role. This option gives all authenticated users who belong to the user registry access to the application's realm and all authenticated users who belong to user registries access to realms which are trusted by the current security domain.
Everyone specifies to map everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
Role
Specifies a security role.
Special Subjects
Specifies which special subjects are mapped to the security role. This option applies only when an application uses multiple realms.
- None
- Specifies to map none of the special subjects to the role.
- All Authenticated in Application's Realm
- Specifies to map all of the authenticated users to a specified role. When you map all authenticated users to a specified role, all of the valid users in the current registry who have been authenticated can access resources that are protected by this role.
- All Authenticated in Trusted Realms
- Specifies to map all of the authenticated users in the trusted realms to a specified role. All authenticated users who belong to the user registry that is mapped to the application's realm and all authenticated users who belong to user registries mapped to realms which are trusted by the current security domain are successfully authorized.
- Everyone
- Specifies to map everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
To change the value, select the role, click Map Special Subjects, and select an option.
Users
Lists the users mapped to the specified role within this application.
Users from the non-default realm are displayed as user@realm.
Groups
Lists the groups mapped to this specified role within this application.
Related tasks
Assigning users and groups to roles
Composition unit settings Map RunAs roles to users collection for SCA composites