Security role to user or group mapping [Settings]
We can specify the users and groups that are mapped to the security roles used with the OSGi application.
To view this panel in the administrative console, click one of the following paths:
- Applications > Application Types > Business-level applications > application_name > [Deployed assets] Add > Add Asset > asset_name > Wizard step: Map security roles to users or groups
- Applications > Application Types > Business-level applications > application_name > composition_unit_name > [Additional Properties] Security role to user or group mapping
The Map security roles to users or groups wizard step and the Security role to user or group mapping property are visible only if the application uses security roles.
General Properties
- Role
- List the specific capabilities for a user. Role privileges give users and groups permission to run as specified.
For example, we might map the user Joe to the administrator role, which enables user Joe to complete all of the tasks associated with the administrator role.
The authorization policy is enforced only when global security is enabled.
- Mapped users
- List the users that are mapped to the specified role within this application.
- Mapped groups
- List the groups that are mapped to this specified role within this application.
- Special subjects
- List which special subjects are mapped to the security role when an application uses multiple realms.
Buttons
Label Action Map Users Lists the users that are mapped to the specified role within this application. We can search for, and then select, available users to map to the role. Map Groups Lists the groups that are mapped to this specified role within this application. We can search for, and then select, available groups to map to the role. Map Special Subjects Map any of the following special subjects to a selected role:
- All authenticated in application realm: All authenticated users in the applications realm, which specifies whether to map all the authenticated users to a specified role. When we map all authenticated users to a specified role, all the valid users in the current registry who have been authenticated can access resources that are protected by this role.
This selection also applies to all authenticated users regardless of the realm.
- All authenticated in trusted realms: This option is available only when multiple realms are used. All authenticated users that are in any of the trusted realms are mapped to the specified role. A list of realms to search is displayed. Users from the non-default realm are displayed as user@realm.
- Everyone: Map everyone to the specified role. When we map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
- None: Do not map anyone to the specified role.
- If the secured realm cannot be reached, the list of available users is replaced with the text fields name, realm, and uid so that we can add the user directly.
- We cannot map two subjects to the same role in this release of the product.
Secure OSGi applications Add an EBA asset to a composition unit by Add an EBA asset to a composition unit using wsadmin commands Modify the configuration of an OSGi composition unit Assigning users and groups to roles Administrative console buttons Administrative console preferences
File name: was58.html
prettyPrint();