WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissions > Administer foreign bus roles

Add users and groups to foreign bus roles

Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to send messages from a secured local bus destination to a secured foreign bus. By adding selected users and groups to the sender role for a selected foreign bus, we can control who has authority to send messages to the selected foreign bus.

This task assumes the following conditions have been met:

By default, when security is enabled, users and groups cannot send messages to a foreign bus. You must add them to the sender role for the foreign bus. In this task we uses an dmgr console wizard to select one or more foreign buses, retrieve selected users or groups from the potentially very large number of users and groups in the user repository, and add them to the sender role for the selected foreign buses.

  1. Start the dmgr console.

  2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage foreign bus access roles. A list of the foreign buses defined for the selected bus is displayed in the Foreign buses panel.

  3. Select one or more foreign buses to work with:

    • Click a single foreign bus name.

    • Select the check boxes next to multiple foreign bus names, and then click Manage Access Roles.

    The Foreign bus access roles panel is displayed. The access roles information for each foreign bus we have selected is displayed in a collapsed section.

  4. Expand a foreign bus header to list the users and groups that have been assigned to roles for this foreign bus. We can verify the user or group to add does not already have a role for this foreign bus.

  5. Click Add to start the Security wizard. The wizard takes you through the following steps to add selected users or groups to the sender role for the selected foreign bus:

    1. Search for the users or groups to add to the sender role for the expanded foreign bus:

      Users or Groups

      Select either Users or Groups to specify whether to grant access roles to users or groups.

      Search pattern

      This field is mandatory. Specify a search string that is matched against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wildcard characters are allowed.

      Maximum number of search results to display

      This field is mandatory. Specify the maximum number of user IDs or group names you want the dmgr console to display.

    2. Click Next. The wizard displays the users or groups in the user repository that match the information that you provided in the previous step.

    3. Select the check boxes next to the user IDs or group names to add to the sender role for the currently expanded foreign bus, and click Next. A list of users IDs or group names that we can add to the sender role is displayed. Note that some users or groups might already be assigned to the sender role for this foreign bus.

    4. Select the Sender icon for a user ID or group name to add to the sender role. The icon changes from to to show that we have added the user or group to the access role for the resource.
    5. Repeat the previous step for each user or group to add to the sender role, and then click Next. A summary of your role assignments is displayed.

    6. Optional: Click Previous to review and change your assignments, if required.

    7. Click Finish to confirm your assignments.

  6. Save your changes to the master configuration.


Results

The selected users and groups are added to the sender role for the selected foreign bus. The new access roles are displayed in the Foreign bus access roles panel.

Use the dmgr console to complete other security administrative tasks.


Related concepts:

Messaging security
Role-based authorization
Foreign buses


Reference:

Access role assignments for bus security resources
addGroupToForeignBusRole command
addUserToForeignBusRole command


Related information:

List users and groups in foreign bus roles
Remove users and groups from foreign bus roles
Foreign bus [Settings]


+

Search Tips   |   Advanced Search