Add users and groups to roles

Before you perform this task, have already completed the steps in the Secure Web applications during assembly and Secure enterprise bean applications during assembly topics. During these steps, you create new roles and assign those roles to enterprise bean and Web resources. You complete these steps during application installation. This is because the environment (user registry) under which the application is running is not known until deployment.

If you already know the environment in which the application is running and the user registry that is used, then you can use the Application Assembly Tool (AAT) to assign users and groups to roles. However, it is recommended that you use the administrative console to assign users and groups to roles.

If you choose to assign users and groups to roles during the assembly process, perform these steps in the Application Assembly Tool:

1. Open the application file. Click File --> Open. Click Browse, and select the application file.
2. Open the application folder.
3. Click Security Roles.
4. Click the Bindings tab on the right panel.
5. Select a role from the right navigation top panel.
6. (Optional) Add a special subject (All authenticated users or Everyone) to a role. Click Add under Special Subjects and select All authenticated users or Everyone, as required. Click OK. When All authenticated users or Everyone special subjects is assigned to a role, you can skip the next two steps for that role.
7. Add a group to role by clicking Add under Groups and type in a group name. Click OK. Repeat this operation to add more groups.
8. Add a user to a role by clicking Add under Users. Type a user name and click OK. Repeat this operation to add more users.
9. Repeat steps 5 through 8 for all the roles.
10. Click Apply when you are done.

The ibm-application-bnd.xmi file in the application contains the users and groups to roles mapping table (authorization table).