WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissions > Administer destination rolesRemove users and groups from destination roles
Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, we can prevent those users and group members from performing messaging operations on the bus.
When selected users and groups no longer require access to a destination, we can remove them from all the roles for that destination.
- Log into the dmgr console.
- Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage destination access roles A list of the destinations defined for the selected bus is displayed in the Destinations panel.
- Select one or more destinations to work with:
- Click a single destination name.
- Select the check boxes next to multiple destination names, and then click Manage Access Roles.
The Destination access roles panel is displayed. The information for each destination we have selected is displayed in a collapsed section.
- Expand a destination header to list the users and groups that have been assigned to roles at this destination, and verify the user or group to remove has a role at this destination.
- Select the users and groups to remove from all role types at this destination, and click Remove.
- Save your changes to the master configuration.
Results
The selected users and groups are removed from all role types at the selected destination. The Manage access roles for users and groups panel displays the updated role type assignments.
Example
The members of three groups, Group A, Group B, and Group C, belong to the sender role and the receiver role for two queue destination, Queue 1 and Queue 2. If Group B is no longer required to send and receive messages on Queue 2, we can use this task to remove Group B from all the role types on Queue 2.
Use the dmgr console to complete other security administrative tasks.
Related concepts:
Messaging security
Destination security
Role-based authorization
Bus destinations
Reference:
Access role assignments for bus security resources
removeGroupFromDestinationRole command
removeUserFromDestinationRole command
Related information:
Add users and groups to destination roles
List users and groups in destination roles
Restoring default inheritance for a destination
Disable inheritance from the default resource
Overriding inheritance from the default resource for a destination
Destinations access roles [Settings]