WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissionsAdminister destination roles
Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups must have authority to undertake messaging operations, at a bus destination. By administering destination roles, we can control which users and groups can undertake operations at a bus destination, and the types of operations they can perform. Use dmgr console to administer users and groups in access roles for a destination. The access roles available for a destination depend on the type of destination. The table below lists the roles that we can assign for each destination type:
Destination roles. The first column of the table contains the list of destination types. The second column contains the access roles that can be assigned for the destination types.
In addition to controlling which users and groups have access to a specific local or foreign destination, we can also control the inheritance of access roles for a specific local destination. In this case, the default access roles that apply to all the destinations in the local bus namespace are added to any access roles that have been added for a specific destination.
Destination type Access roles queue sender, receiver, browser, creator port sender, receiver, browser, creator webService sender, receiver, browser, creator topicSpace sender, receiver foreignDestination sender alias sender, receiver, browser
Subtopics
- Add users and groups to destination roles
Service integration bus security uses role-based authorization. By adding users and groups to the destination roles for a secured bus, we can control which users and group members can undertake messaging operations at a bus destination.- Remove users and groups from destination roles
Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, we can prevent those users and group members from performing messaging operations on the bus.- List users and groups in destination roles
Service integration bus security uses role-based authorization. By listing the users and groups in the destination roles for a selected secured bus, we can find out which users and groups are authorized to access the bus, and its resources.- Restoring default inheritance for a destination
Service integration bus security uses role-based authorization. By default, all local destinations inherit access roles from the default resource. If default inheritance has been previously overridden, we can restore it for a selected destination.- Disable inheritance from the default resource
We can disable the inheritance of security access roles from the default resource for selected resources.- Overriding inheritance from the default resource for a destination
Service integration bus security uses role-based authorization. By default, local destinations can inherit access roles from the default resource. If we do not want users and groups in the default access role to access a particular destination, we can override default inheritance for a selected destination.
Subtopics
- Add users and groups to destination roles
Service integration bus security uses role-based authorization. By adding users and groups to the destination roles for a secured bus, we can control which users and group members can undertake messaging operations at a bus destination.- Remove users and groups from destination roles
Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, we can prevent those users and group members from performing messaging operations on the bus.- List users and groups in destination roles
Service integration bus security uses role-based authorization. By listing the users and groups in the destination roles for a selected secured bus, we can find out which users and groups are authorized to access the bus, and its resources.- Restoring default inheritance for a destination
Service integration bus security uses role-based authorization. By default, all local destinations inherit access roles from the default resource. If default inheritance has been previously overridden, we can restore it for a selected destination.- Disable inheritance from the default resource
We can disable the inheritance of security access roles from the default resource for selected resources.- Overriding inheritance from the default resource for a destination
Service integration bus security uses role-based authorization. By default, local destinations can inherit access roles from the default resource. If we do not want users and groups in the default access role to access a particular destination, we can override default inheritance for a selected destination.
Related concepts:
Destination security
Topic security
Role-based authorization
Messaging security
Bus destinations
Related
List bus destinations
Create a bus destination
Configure bus destination properties
Configure mediations
Configure a destination forward routing path
Configure a destination reverse routing path
Configure context properties for a bus destination
Delete a bus destination
Resetting a destination
Administer foreign bus roles
Administer access to foreign destinations
Reference:
Access role assignments for bus security resources
Related information:
Destinations access roles [Collection]