Assigning users to naming roles
Use this task to assign users to naming roles using the administrative console.
The following steps are needed to assign users to naming roles. In the administrative console, click Environment > Naming, and click CORBA Naming Service Users or CORBA Naming Service Groups.
Tasks
- Click Add on the CORBA Naming Service Users or the CORBA Naming Service Groups panel.
- To add a new naming service user, follow the instructions on the page to specify a user, and select one or more roles. Once the user is added to the Mapped to role list, click OK. The specified user is mapped to one or more security roles.
- To add a new naming service group, follow the instructions on the page to specify either a group name or a Special subject, highlight one or more roles, and click OK. The specified group or special subject is mapped to one or more security roles.
- To remove a user or group assignment, go to the CORBA Naming Service Users or CORBA Naming Service Groups panel. Select the check box next to the user or group to remove and click Remove.
- To manage the set of users or groups to display, expand the Filter folder on the panel, and modify the filter text box. For example, setting the filter to user* displays only users with the user prefix.
- After modifications are complete, click Save to save the mappings. Restart the server for the changes to take effect.
Example
The default naming security policy is to grant all users read access to the CosNaming space and to grant any valid user the privilege to modify the contents of the CosNaming space. Use the preceding steps to restrict user access to the CosNaming space. Use caution when changing the naming security policy. Unless a Java EE application has clearly specified its naming space access requirements, changing the default policy can result in unexpected org.omg.CORBA.NO_PERMISSION exceptions at runtime.
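The caution above can be checked before the mappings are saved. The following is an added example, not IBM code: it models role mappings as a Python dict and reports which naming operations each application identity would lose under a tighter policy. The role names CosNamingRead, CosNamingWrite, CosNamingCreate and CosNamingDelete and their cumulative operation sets are not listed on this page and are assumptions of the model; the users, groups, special-subject labels and application inventory are constructed.

```python
# Added example: a model of the naming-role check, not WebSphere code.
# Assumption: each role also permits everything the role before it permits.
CUMULATIVE = [
    ("CosNamingRead", {"lookup", "list"}),
    ("CosNamingWrite", {"bind", "rebind", "unbind"}),
    ("CosNamingCreate", {"createSubcontext"}),
    ("CosNamingDelete", {"destroySubcontext"}),
]
ROLE_OPS, _seen = {}, set()
for _role, _extra in CUMULATIVE:
    _seen = _seen | _extra
    ROLE_OPS[_role] = set(_seen)

# Model labels for the special subjects (hypothetical spellings).
EVERYONE, ALL_AUTH = "Everyone", "AllAuthenticated"

def roles_for(policy, user, groups, authenticated=True):
    """Roles whose mapped subjects include the user, a group, or a special subject."""
    subjects = {user, EVERYONE} | set(groups)
    if authenticated:
        subjects.add(ALL_AUTH)
    return {role for role, members in policy.items() if subjects & set(members)}

def denied_ops(policy, user, groups, needed_ops, authenticated=True):
    """Operations that would fail with NO_PERMISSION under the given policy."""
    allowed = set()
    for role in roles_for(policy, user, groups, authenticated):
        allowed |= ROLE_OPS[role]
    return sorted(set(needed_ops) - allowed)

# The default policy as the page describes it: everyone reads, valid users modify.
DEFAULT_POLICY = {"CosNamingRead": [EVERYONE], "CosNamingWrite": [ALL_AUTH],
                  "CosNamingCreate": [ALL_AUTH], "CosNamingDelete": [ALL_AUTH]}
# Constructed restricted policy: only the namingAdmins group may modify.
RESTRICTED_POLICY = {"CosNamingRead": [ALL_AUTH], "CosNamingWrite": ["namingAdmins"],
                     "CosNamingCreate": ["namingAdmins"], "CosNamingDelete": []}
# Constructed inventory: application -> (run-time user, groups, operations it performs).
APP_NEEDS = {
    "orders-app": ("svc_orders", [], ["lookup", "rebind"]),
    "deployer": ("alice", ["namingAdmins"], ["lookup", "bind", "createSubcontext"]),
}

def audit(policy):
    """Map each application to the operations it would lose under the policy."""
    return {app: denied_ops(policy, u, g, ops) for app, (u, g, ops) in APP_NEEDS.items()}

if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit(policy))
```

An application that appears with a non-empty list under the restricted policy needs either an explicit role mapping or a code change before the policy is saved and the server restarted.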
Related:
- (ZOS) Special considerations for controlling access to naming roles using SAF authorization
- Administrative roles and naming service authorization
- Role-based authorization
- Access control exception for Java 2 security
- Authorizing access to administrative roles
- Assigning users and groups to roles
- Assigning users to RunAs roles
- Administrative group roles and CORBA naming service groups