Security role assembly settings

A security role is a logical grouping of principals. Access to operations (such as EJB methods) is controlled by granting access to a role. In WebSphere Application Server Version 5.0, if a role is added at the EAR application level, it will be removed when you save the archive file, since it is not associated with any module.

Role Name

Specifies the name of a security role that is unique to an application. This setting applies only when you are specifying security roles at the application level (EAR file).

Description

Contains text that describes the application-specific security role. This setting applies only when you are specifying security roles at the application level (EAR file).

Binding -- Groups -- Name

Specifies the user groups that are granted the application-specific security role. This setting applies only when you are specifying security roles at the application level (EAR file).

Binding -- Users -- Name

Specifies the users that are granted the application-specific security role. This setting applies only when you are specifying security roles at the application level (EAR file).

Binding -- Special Subjects -- Name

Specifies one of two special categories of users to which roles can be granted: Everyone or All authenticated users.

Specifies one of two special categories of authenticate users to which application-specific security roles can be granted: Everyone or All. This setting applies only when you are specifying security roles at the application level (EAR file).

If the special subject All is granted a role, any user who can authenticate by using a valid user ID and password is considered to be granted that role.

If the special subject Everyone is granted a role, all users, including those who did not authenticate, are granted the role. In other words, a method on Enterprise Beans or a URI is unprotected if any of the required roles for that method are granted to the special subject Everyone.