WAS v8.5 > Secure applications > Secure Service integration > Secure service integration > Administer authorization permissions > Administer topic space root roles

Add users and groups to topic space root roles

Service integration bus security uses role-based authorization. When messaging security is enabled, users and groups require authority to send and receive messages from the topic space root in a publish/subscribe topic hierarchy. By adding users and groups to topic space root roles, you control access to the root topic in a selected topic space.

Topic space root (/) is the highest level topic in a publish/subscribe topic hierarchy. The hierarchy itself is called the topic space. Note that this task applies only to the topic space root; it does not apply to adding users and groups to topics or a topic space. For information about adding users and groups to topic access roles, see Add users and groups to topic roles, and for adding users and groups to topic space access roles, see Add users and groups to destination roles.

We can add users and groups to the sender and receiver roles for the topic space root. The topic space root can also inherit access in the sender and receiver roles from the topic space, providing the topic space is configured to inherit the default destination roles. For more information about topic inheritance, see Topic security.

By default, a topic space does not contain a root topic. In this task we use an dmgr console wizard to add a root topic to an existing topic space, retrieve the users and groups from the user repository to assign to roles on the new root topic, and add them to the root topic.

  1. Log into the dmgr console.

  2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage topic access roles. The Topic spaces panel lists the topic spaces defined on the selected bus.

  3. Select the name of the topic space where to add a new root topic. The Topics panel displays the selected topic space in a collapsible section.

  4. Click Add to start the Security wizard:

    1. Identify the users or groups to add to the sender and receiver roles for the new root topic:

      Users or Groups

      Select either Users or Groups to specify whether to grant roles to users or groups.

      Search pattern

      This field is mandatory. Specify a search string that is matched against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. We can use wildcard characters in the search string.

      Maximum number of search results to display

      This field is mandatory. Specify the maximum number of user IDs or group names you want the dmgr console to display.
    2. Click Next. The wizard displays the new root topic, and lists the users IDs or group names in the user repository that match the information that you provided in the previous step.

    3. Select the check boxes next to the user IDs or group names to assign to roles on the new root topic.

    4. Click Next. The wizard displays the topic role types that we can assign for the users or groups you selected in the previous step. Role types might already have been assigned for a specific user or group.

    5. Select the role types for the selected users or groups. For example, to assign a user to the sender role, select the Sender icon for the appropriate user ID. The icon changes from to to show that we have added the user or group to the access role for the resource.

    6. Click Next. A summary of your role type assignments for the root topic is displayed.

    7. Optional: To change your assignments, click Previous to return to the Select role types page, change your assignments, and then click Next.

    8. Click Finish to confirm your assignments. The role type assignments are saved to the master configuration, and the new assignments are displayed in the Topics panel.

  5. Save your changes to the master configuration.


Results

The selected users and groups are added to topic space root roles for the new root topic. The Manage access roles panel displays the new access role assignments.


Related concepts:

Messaging security
Topic security
Role-based authorization


Reference:

Access role assignments for bus security resources
addGroupToTopicSpaceRootRole command
addUserToTopicSpaceRootRole command


Related information:

List users and groups in topic space root roles
Remove users and groups from topic space root roles


+

Search Tips   |   Advanced Search