Removing users and groups from destination roles
Service integration bus security uses role-based authorization. By removing users and groups from the destination roles for a secured bus, we can prevent those users and group members from performing messaging operations on the bus.
When selected users and groups no longer require access to a destination, we can remove them from all the roles for that destination.
Tasks
- Log into the administrative console.
- Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage destination access roles A list of the destinations defined for the selected bus is displayed in the Destinations panel.
- Select one or more destinations to work with:
- Click a single destination name.
- Select the check boxes next to multiple destination names, and then click Manage Access Roles.
The Destination access roles panel is displayed. The information for each destination we have selected is displayed in a collapsed section.
- Expand a destination header to list the users and groups that have been assigned to roles at this destination, and verify that the user or group to remove has a role at this destination.
- Select the users and groups to remove from all role types at this destination, and click Remove.
- Save changes to the master configuration.
The selected users and groups are removed from all role types at the selected destination. The Manage access roles for users and groups panel displays the updated role type assignments.
Example
The members of three groups, Group A, Group B, and Group C, belong to the sender role and the receiver role for two queue destination, Queue 1 and Queue 2. If Group B is no longer required to send and receive messages on Queue 2, we can use this task to remove Group B from all the role types on Queue 2.
What to do next
Use the administrative console to complete other security administrative tasks.
Related:
Messaging security Destination security Role-based authorization Bus destinations Access role assignments for bus security resources removeGroupFromDestinationRole command removeUserFromDestinationRole command Add users and groups to destination roles List users and groups in destination roles Restore default inheritance for a destination Disable inheritance from the default resource Overriding inheritance from the default resource for a destination Destinations access roles [Settings]