Add users and groups to temporary destination prefix roles
Service integration bus security uses role-based authorization. The messaging engine uses the temporary destination prefix at runtime to determine whether a client application is authorized to create a particular temporary destination or send messages to it. By adding users and groups to temporary destination prefix roles for a selected bus, we can control which users and groups can create temporary destinations and send messages to them.
The users and groups to add to temporary destination prefix roles must already exist in the user repository. By default, the bus security configuration does not contain any temporary destination prefixes. In this task, we use the dmgr console Security wizard to first add a new temporary destination prefix, and then add users and groups to the sender role for the new temporary destination prefix. Note that the creator role is assigned by default to the creator of the temporary destination; we cannot use the dmgr console to add users and groups to the creator role. By default, members of the All Authenticated group have authority in the creator role for temporary destination prefixes.
- Log in to the dmgr console. The Temporary destination prefixes panel lists all the temporary destination prefixes defined for the selected bus. By default, this list is empty.
- Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage temporary destination prefix access roles
- Click Add to start the Security wizard:
- Define the name of the temporary destination prefix, and identify the users or groups to add to the sender role for the temporary destination prefix:
  - Resource: This field is mandatory. Specify a name for the new temporary destination prefix.
  - Users or Groups: Select either Users or Groups to specify whether to grant access roles to users or groups.
  - Search pattern: This field is mandatory. Specify a search string that is matched against user identities or group names in the user repository. Only user identities or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wild card characters are allowed.
  - Maximum number of search results to display: This field is mandatory. Specify the maximum number of user identities or group names you want the dmgr console to display.
- Click Next. The wizard displays the users or groups in the user repository that match the information that you provided in the previous step.
- Select the check boxes for the user identities or group names to assign to the sender role for the temporary destination prefix, and click Next. Note that we cannot assign users and groups to the creator role; it is assigned by default.
- Select the Sender icon for each user identity or group name to add to the sender role. The icon changes to show that we have added the user or group to the access role for the resource.
- Click Next. A summary of your role type assignments is displayed.
- Optional: Click Previous to review and change your role type assignments. Make your changes on the Select role types page, and then click Next. Note that we cannot change the name of the temporary destination prefix.
- Click Finish to confirm your assignments. The role type assignments are saved to the master configuration, and the new assignments are displayed in the Temporary destination prefixes panel.
- Save your changes to the master configuration.
Results
The selected users, groups, and group members are added to the sender role for the selected temporary destination prefix roles. The Manage access roles panel displays the new access roles.
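The same sender-role grant can be scripted with the addUserToDestinationRole and addGroupToDestinationRole commands listed under Reference. The following wsadmin Jython script is an added example, not part of the original page: the bus name, prefix, user and group names are placeholders, and the `-type TemporaryDestinationPrefix` value and the parameter names are assumptions to confirm against those command references.

```jython
# Added example for wsadmin (-lang jython); not part of the original page.
# BUS, PREFIX, USERS and GROUPS are placeholder values to replace.
import sys

BUS = "ExampleBus"
PREFIX = "exampleTmp"
USERS = ["appuser1"]
GROUPS = ["MessagingSenders"]

def role_args(extra):
    # Parameters shared by the destination role commands. The type value
    # TemporaryDestinationPrefix is an assumption; confirm it in the
    # addUserToDestinationRole command reference.
    return "[-type TemporaryDestinationPrefix -bus %s -destination %s -role Sender%s]" % (BUS, PREFIX, extra)

try:
    for user in USERS:
        AdminTask.addUserToDestinationRole(role_args(" -user " + user))
    for group in GROUPS:
        AdminTask.addGroupToDestinationRole(role_args(" -group " + group))

    # Show the resulting sender role so the grant can be reviewed.
    print "Users in sender role:"
    print AdminTask.listUsersInDestinationRole(role_args(""))
    print "Groups in sender role:"
    print AdminTask.listGroupsInDestinationRole(role_args(""))

    # Equivalent of "Save your changes to the master configuration".
    AdminConfig.save()
except:
    # Discard unsaved changes so a partial grant is never committed.
    print "Role assignment failed:", sys.exc_info()[1]
    AdminConfig.reset()
```

Keeping USERS and GROUPS to named principals, rather than a broad group, keeps the sender role aligned with least privilege.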
Related concepts:
Messaging security
Temporary bus destinations
Role-based authorization
Reference:
Access role assignments for bus security resources
addGroupToDestinationRole command
addUserToDestinationRole command
Related information:
List users and groups in temporary destination prefix roles
Remove users and groups from temporary destination prefix roles
Remove a temporary destination prefix
Temporary destination prefixes [Settings]