WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissions

Administer topic roles

Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access a topic in a publish/subscribe topic hierarchy. By adding and removing users and groups in topic roles, we can control access to the topic. Use dmgr console to list, add and remove users and groups in the sender and receiver roles, and to define topic role inheritance. By default, a child topic inherits its topic roles from its parent topic. We can change the default roles for a particular topic by adding or removing topic roles at the topic level. We can also allow or block inheritance of topic roles at topic level.

We can add access roles for a topic before it exists. Topics are created at runtime only, and exist only for as long as they are active.

Subtopics

• List users and groups in topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access topics in a publish/subscribe topic hierarchy. By listing the users and groups that are members of topic roles for a selected topic, we can find out who has authority to send messages to and from the topic.
• Add users and groups to topic roles
  Service integration bus security uses role-based authorization. When messaging security, and topic level authorization is enabled, users and groups must be authorized to access topics in a publish/subscribe topic hierarchy. By adding users and groups to topic roles, you control access to a topic in a selected topic space.
• Remove users and groups from topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, and the Topic access check required setting is enabled for the topic space, users and groups require authority to access a topic in the topic space. By removing users and groups from all topic roles for a selected topic, you prevent them from accessing the topic.
• Enable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, and users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If topic role inheritance has been disabled for a particular topic, we can restore it using the dmgr console.
• Disable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If we do not want topics to inherit topic roles from the parent topic in the topic hierarchy, we can override topic role inheritance using the dmgr console.

Subtopics

• List users and groups in topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to access topics in a publish/subscribe topic hierarchy. By listing the users and groups that are members of topic roles for a selected topic, we can find out who has authority to send messages to and from the topic.
• Add users and groups to topic roles
  Service integration bus security uses role-based authorization. When messaging security, and topic level authorization is enabled, users and groups must be authorized to access topics in a publish/subscribe topic hierarchy. By adding users and groups to topic roles, you control access to a topic in a selected topic space.
• Remove users and groups from topic roles
  Service integration bus security uses role-based authorization. When messaging security is enabled, and the Topic access check required setting is enabled for the topic space, users and groups require authority to access a topic in the topic space. By removing users and groups from all topic roles for a selected topic, you prevent them from accessing the topic.
• Enable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, and users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If topic role inheritance has been disabled for a particular topic, we can restore it using the dmgr console.
• Disable topic role inheritance
  Service integration bus security uses role-based authorization. When messaging security, and topic level security are enabled, users and groups require access in the sender and receiver roles to access a topic in a publish/subscribe topic hierarchy. By default, topics inherit these roles from the parent topic. If we do not want topics to inherit topic roles from the parent topic in the topic hierarchy, we can override topic role inheritance using the dmgr console.

Related concepts:

Role-based authorization
Topic security

Related

Create a topic space for publish/subscribe messaging
Configure bus destinations

Reference:

Access role assignments for bus security resources

Related information:

Topics [Collection]

+

Search Tips   |   Advanced Search