WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissions > Administer the bus connector roleAdd users and groups in the bus connector role
Service integration bus security uses role-based authorization. By adding users and groups to the bus connector role for a secured bus, we can control which users and group members have access to the bus and its resources.
- Ensure that security is enabled for the bus. For more information, refer to Secure buses.
- The users and groups to add to the bus connector role must exist already in the user repository.
Adding users and groups to the bus connector role enables them to connect to the bus to carry out messaging operations. We can add a user directly to the bus connector role, or indirectly by adding a group to which the user belongs. We can also add special groups of users. There are three special groups:
- Server
- The server identity is a WebSphere Application Server . We cannot specify the Server group for a JMS MDB.
- All Authenticated
- This group comprises all user identities that authenticate successfully to the bus.
- Everyone
- The user identities in this group are anonymous, and connect to the bus without security authentication.
Tips:
- If the user registry is an LDAP registry, use the group distinguished name (DN) when we specify a group name to add to a bus connector role. Using the common name (CN) causes problems in security authorization. For more information, refer to Service integration bus security: Troubleshooting tips and Standalone LDAP registries.
- If you attempt to add a user or a group that is already a member of the bus connector role, a warning message is displayed.
In this task we use an dmgr console wizard to add groups and users to the bus connector role for a selected local bus.
- Log into the dmgr console.
- Click Service integration -> Buses -> security_value -> [Authorization Policy] Users and groups in the bus connector role. A list of the users and groups already in the bus connector role for the selected bus is displayed. By default, the list is empty for a new bus.
- Click New to start the Security Resource Wizard.
- Choose whether to add groups or users:
- To add a special group, select The built-in special groups option.
- To add other groups or users in the user repository, select the appropriate option, and complete the following mandatory fields:
- Search pattern
- Specify a string to match against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. We can specify wildcard characters.
- Maximum number of search results to display
- Specify the maximum number of user IDs or group names to display.
- Click Next to display a list of groups or users.
- Select the names of the groups or users to add to the bus connector role, and click Next.
- Click Finish to confirm you choices.
- Save your changes to the master configuration.
Results
The selected users and groups are added to the bus connector role for the selected bus.
Related concepts:
Messaging security
Role-based authorization
Reference:
Access role assignments for bus security resources
addGroupToBusConnectorRole command
addUserToBusConnectorRole command
Related information:
List users and groups in the bus connector role
Remove users and groups from the bus connector role
Add a user or group to the bus connector role [Settings]