WAS v8.5 > Secure applications > Authorizing access to resources > Authorizing access to administrative roles

Assigning users to naming roles

Use this task to assign users to naming roles using the dmgr console.

The following steps are needed to assign users to naming roles. In the dmgr console, click Environment > Naming, and click CORBA Naming Service Users or CORBA Naming Service Groups.

  1. Click Add on the CORBA Naming Service Users or the CORBA Naming Service Groups panel.
  2. To add a new naming service user, follow the instructions on the page to specify a user, and select one or more roles. Once the user is added to the "Mapped to role" list, click OK. The specified user is mapped to one or more security roles.
  3. To add a new naming service group, follow the instructions on the page to specify either a group name or a Special subject, highlight one or more roles, and click OK. The specified group or special subject are mapped to one or more the security roles
  4. To remove a user or group assignment, go to the CORBA Naming Service Users or CORBA Naming Service Groups panel. Select the check box next to the user or group to remove and click Remove.
  5. To manage the set of users or groups to display, expand the Filter folder on the right panel, and modify the filter text box. For example, setting the filter to user* displays only users with the user prefix.
  6. After modifications are complete, click Save to save the mappings. Restart the server for the changes to take effect.


Example

The default naming security policy is to grant all users read access to the CosNaming space and to grant any valid user the privilege to modify the contents of the CosNaming space. We can perform the previously mentioned steps to restrict user access to the CosNaming space. However, use caution when changing the naming security policy. Unless a Java EE application has clearly specified its naming space access requirements, changing the default policy can result in unexpected org.omg.CORBA.NO_PERMISSION exceptions at runtime.


Related concepts:

Administrative roles and naming service authorization
Role-based authorization
Access control exception for Java 2 security


Related


Authorizing access to administrative roles
Assigning users and groups to roles
Assigning users to RunAs roles


Reference:

Administrative group roles and CORBA naming service groups


+

Search Tips   |   Advanced Search