
Add users and groups to destination roles

Service integration bus security uses role-based authorization. By adding users and groups to the destination roles for a secured bus, we can control which users and group members can undertake messaging operations at a bus destination.

Ensure that the following conditions are met:

By adding users or groups to the destination role, you grant the users or groups authority to undertake the operation defined by the role at a selected destination. The destination roles are sender, receiver, browser, and creator, depending on the destination type.

In this task we use the administrative console Security wizard to retrieve selected users or groups from the user repository, and add them to destination roles for selected bus destinations.

Tip: To add a large number of users to destination roles, it is advisable to create a group in the user repository, and add the group to the destination roles.


Tasks

  1. Start the administrative console.

  2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage destination access roles. A list of the destinations defined for the selected bus is displayed in the Destinations panel.

  3. Select one or more destinations to work with:

    • Click a single destination name.

    • Select the check boxes next to multiple destination names, and then click Manage Access Roles.

    The Destination access roles panel is displayed. The information for each destination we have selected is displayed in a collapsed section.

  4. Expand a destination header to list the users and groups that have been assigned to roles for this destination. We can verify that the user or group we want to add does not already have a role at this destination.

  5. Click Add to start the Security wizard. The wizard takes you through the following steps to add selected users or groups to access roles for the expanded destination:

    1. Search for the users or groups to add to access roles for the expanded destination:

      Users or Groups

      Select either Users or Groups to specify whether we want to grant access roles to users or groups.

      Search pattern

      This field is mandatory. Specify a search string that is matched against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wildcard characters are allowed.

      Maximum number of search results to display

      This field is mandatory. Specify the maximum number of user IDs or group names we want the administrative console to display.

    2. Click Next. The wizard displays the users or groups in the user repository that match the information that we provided in the previous step.

    3. Select the check boxes next to the user IDs or group names to add to access roles for the currently expanded destination, and click Next. A list of user IDs or group names that we can add to destination roles is displayed. Note that some users or groups might already be assigned to access roles for this destination.

    4. Select the appropriate access role icon for the user ID or group name to add to the role at this destination. For example, select the Receiver icon for a user ID or group name to add to the receiver role. The icon changes to show that we have added the user or group to the access role for the resource.

    5. Repeat the previous step to add more users or groups to access roles for the currently expanded destination, and then click Next. A summary of our access role assignments is displayed.

    6. Optional: Click Previous to review and change your assignments, if required.

    7. Click Finish to confirm your assignments.

  6. Repeat steps 4 and 5 for each destination we want to work with.

  7. Save changes to the master configuration.

The selected users and groups are added to the access roles for the currently expanded destination. The new access role assignments are displayed in the Destination access roles panel.


Example

A group called MyGroup receives messages from three queues, Queue 1, Queue 2, and Queue 3. If we want the group MyGroup to produce and consume messages at an additional destination, Queue 4, we add MyGroup to Queue 4, and then add MyGroup to the sender and receiver roles for Queue 4.
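
The same assignment can be scripted with the addGroupToDestinationRole and addUserToDestinationRole commands listed under Related, which keeps role grants repeatable and reviewable. The following wsadmin Jython script is an added example, not part of the original documentation; the bus name MyBus, the destination name Queue4, and the helper names plan_grants and apply_grants are assumptions.

```python
# Added example, not IBM's code. Run with: wsadmin -lang jython -f grant_roles.py
# Outside wsadmin (plain Python) it only builds the plan, as a dry run.
try:
    AdminTask, AdminConfig          # scripting objects injected by wsadmin
    IN_WSADMIN = True
except NameError:
    IN_WSADMIN = False

# The four destination roles named on this page.
ROLES = ("Sender", "Receiver", "Browser", "Creator")


def plan_grants(bus, dest_type, destination, principal, roles, is_group=True):
    """Return one (command, argument list) pair per role to grant."""
    if is_group:
        command, flag = "addGroupToDestinationRole", "-group"
    else:
        command, flag = "addUserToDestinationRole", "-user"
    plan = []
    for role in roles:
        name = role.strip().capitalize()
        if name not in ROLES:
            # Fail closed: a typo must never turn into some other grant.
            raise ValueError("unknown destination role: %r" % role)
        args = ["-type", dest_type, "-bus", bus, "-destination", destination,
                "-role", name, flag, principal]
        if (command, args) not in plan:      # skip duplicate requests
            plan.append((command, args))
    return plan


def apply_grants(plan):
    """Run the plan inside wsadmin, then save to the master configuration."""
    for command, args in plan:
        if command == "addGroupToDestinationRole":
            AdminTask.addGroupToDestinationRole(args)
        else:
            AdminTask.addUserToDestinationRole(args)
    AdminConfig.save()


# The page's example: MyGroup may send to and receive from Queue 4.
# "MyBus" and "Queue4" are assumed names; substitute your own.
PLAN = plan_grants("MyBus", "Queue", "Queue4", "MyGroup", ["sender", "receiver"])
if IN_WSADMIN:
    apply_grants(PLAN)
```

Printing PLAN before applying it gives a record of exactly which roles were granted to which principal, which can be compared later with the output of the list commands referenced under Related.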


What to do next

Use the administrative console to complete other security administrative tasks.


Related:

  • Messaging security
  • Destination security
  • Role-based authorization
  • Bus destinations
  • Access role assignments for bus security resources
  • addGroupToDestinationRole command
  • addUserToDestinationRole command
  • Remove users and groups from destination roles
  • List users and groups in destination roles
  • Restore default inheritance for a destination
  • Disable inheritance from the default resource
  • Overriding inheritance from the default resource for a destination
  • Destinations access roles [Settings]