Map users to RunAs roles

RunAs roles are used for delegation. For more information, see Delegation.

Before you perform this task, already have completed the steps described in Secure Web applications during assembly and Secure enterprise bean applications during assembly where new roles were created and assigned to enterprise bean and Web resources. Also, have assigned users and groups to roles.

It is recommended that this step be done during the installation of the application. This is because the environment (user registry) under which the application runs is not known until deployment. If you already know what environment the application is going to be run and the user registry that is going to be used, then you can use Application Assembly Tool to assign users to RunAs roles.

To map users to RunAs roles, perform these steps in the Application Assembly Tool:

1. To open the application file, click File --> Open. Click Browse, and select the application file.
2. Click the application folder.
3. Click on the Bindings tab on the right hand side panel.
4. Click Add button under RunAs Bindings.
5. Select a role from the drop-down list of the Security Role.
6. Enter a user ID in the User Id field and a password in the Password field. Click OK. Make sure the User Id that you enter is part of the Security Role that is selected. If a special subject AllAuthenticated is assigned to the Security Role, you can use any valid User Id and Password. If a special subject Everyone is assigned to Security Role, you need not map any user to that role.
7. Repeat the above steps (4 to 6) for all the RunAs roles in the application.
8. Click Apply when you are done.

The ibm-application-bnd.xmi file in the application contains the user to RunAs role mapping table.