addGroupToDefaultRole command
Use the addGroupToDefaultRole command to add a group to the default roles for a local bus.
To run the command, use the AdminTask object of the wsadmin scripting client.
(iSeries) (iSeries) The wsadmin scripting client is run from Qshell. (iSeries) See Configure Qshell to run WebSphere scripts .
This command is valid only when used with WebSphere Application Server v7.0 or later application servers. Do not use it with earlier versions.
Command-line help is provided for service integration bus commands:
- For a list of the available service integration bus security commands in Jython and a brief description of each command, enter at the wsadmin prompt:
print AdminTask.help('SIBAdminBusSecurityCommands')
- For overview help on a given command, enter at the wsadmin prompt:
print AdminTask.help('command_name')
After using the command, save the changes to the master configuration using the following command:
AdminConfig.save()
Use the addGroupToDefaultRole command to grant a group default access to all local bus destinations for the specified roles. Adding a group to the default role does not grant access to local destinations where the inheritance of default access is disallowed. To grant access to a local destination where inheritance is disallowed, we must add the group to a destination role. See addGroupToDestinationRole command.
Use this command to define the access control policy for a messaging resource that does not yet exist. This approach ensures that the messaging resource is secure from the moment it is created.
Target object
None.
Required parameters
- -bus busName
- The name of the local bus. Use the listSIBuses command to list the names of existing buses.
- -role roleType
- The role type to which we want to assign the group. We can assign a group to the following role types:
- Sender
- This role type is authorized to send messages to destinations on the local bus.
- Receiver
- This role type is authorized to receive messages from destinations on the local bus.
- Browser
- This role type is authorized to browse messages on destinations on the local bus.
- Creator
- This role type is authorized to create messages on destinations on the local bus.
- -group groupName
- The name of a group we want to add to default roles for the local bus. We can type a specific group name, or use one of the following specialized group names:
- Server
- This group contains application servers.
- AllAuthenticated
- This group contains authenticated users only.
- Everyone
- This group contains all users. Each user is anonymous.
Conditional parameters
None.
Optional parameters
- -uniqueName uniqueName
- Name that uniquely defines the group in the user registry. If an LDAP user registry is in use, the unique name is the distinguished name (DN) for the group. We can specify values for both -uniqueName and -group, but ensure that they identify the same group. The command does not check that the values match.
Examples
The following example adds a group with the group name Group1, and the unique name SalesGroup, to the sender role type for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Sender -group Group1 uniqueName SalesGroup]')The following example adds the AllAuthenticated group to the browser role for a bus called Bus1.
AdminTask.addGroupToDefaultRole ('[-bus Bus1 -role Browser -group AllAuthenticated]')