Security role to user or group mapping
Specify the users and groups that are mapped to the security roles used with the enterprise application.
If we are using System Authorization Facility (SAF) authorization for Java EE roles, refer to System Authorization Facility for role-based authorization for more information.
From the admin console, click...
Applications > Application types > WebSphere enterprise applications > application_name > Detail Properties > Security role to user/group mapping.
Button Resulting action Map Users Lists the users that are mapped to the specified role within this application. If trusted realms are configured, a drop-down list of realms to search is displayed. Users from the non-default realm are displayed as user@realm
Map Groups Lists the groups that are mapped to this specified role within this application. If trusted realms are configured, a drop-down list of realms to search is displayed. Users from the non-default realm are displayed as user@realm
Map Special Subjects This choice appears if multiple realms are being used. It enables us to map any of the following Special Subjects to a selected role:
All authenticated in application realm Whether to map all authenticated users to a specified role. All of the valid users in the current registry who have been authenticated can access resources that are protected by this role. This selection also applies to all authenticated users regardless of the realm. Everyone Map everyone to the selected role. When we map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security. None Do not map anyone to the selected role
If the secured realm cannot be reached, the list is replaced with 3 text fields (that is, name, realm, and uid). We can add the user when the secured realm is not available.
It is not possible to map two subjects to the same role in this release of WAS.
Role
Lists the specific capabilities to a user. Role privileges give users and groups permission to run as specified.
For example, we might map the user Joe to the administrator role, which enables user Joe to perform all of the tasks associated with the administrator role.
The authorization policy is only enforced when global security is enabled.
Mapped users
Lists the users that are mapped to the specified role within this application.
Special subjects
Lists which special subjects are mapped to the security role when an application uses multiple realms.
Mapped groups
Lists the groups that are mapped to this specified role within this application.
Related:
- (ZOS) System Authorization Facility for role-based authorization
- Development and assembly tools
- Assigning users and groups to roles
- User RunAs collection