Mapping users to roles
Use this page to specify the users and groups that are mapped to the security roles that are used with the enterprise application.
To view this console page, click Application > Install new application.
While using the Install New Application Wizard, prompts appear to help you map security roles to users. You also can configure security roles to user mappings of deployed applications. Different roles can have different security authorizations. Mapping users or groups to a role authorizes those users or groups to access applications defined by the role. Users, groups, and roles are defined when an application is installed or configured.
You also can select role to user and group mappings while you are deploying applications. After deployment, click Security role to user/group mapping under Detailed properties to change user and group mappings to a role.
- Look up users
Enables the server to locate the users that you can define for a particular security role.
Select the check box beside the role and click Look up users. Complete the Limit and the Search string fields. The Limit field contains the number of entries that the search function returns. The Search string field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. You can either increase the limit or refine the search pattern to get all the entries.
- Look up groups
Enables the server to locate the groups that you can define for a particular security role.
Select the check box beside the role and click Look up groups. Complete the Limit and the Search string fields. The Limit field contains the number of entries that the search function returns. The Search string field contains the search pattern used for searching entries. For example, bob* searches all users or groups starting with bob. A limit of zero returns all the entries that match the pattern. Use this value only when a small number of users or groups match this pattern in the registry. If the registry contains more entries that match the pattern than requested, a message appears in the console to indicate that there are more entries in the registry. You can either increase the limit or refine the search pattern to get all the entries.
Configuration tab
- Role
Maps specific capabilities to a user. Role privileges give users and groups permission to run as specified.
Select the check boxes to choose a role or a set of roles. Click Look up users to map users to the roles that you have selected. Click Look up groups to map groups to the selected roles. Use the check boxes to map roles to EVERYONE or ALL AUTHENTICATED special subject.
For example, you might map the user Joe to the administrator role, which enables user Joe to perform all of the tasks associated with the administrator role.
The authorization policy is only enforced when global security is enabled.
- Everyone
Specify whether to map everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
- All authenticated
Specify whether to map all of the authenticated users to a specified role. When you map all authenticated users to a specified role, all of the valid users in the current registry who have been authenticated can access resources that are protected by this role.
- Mapped users
Lists the users that are mapped to the specified role within this application.
- Mapped groups
Lists the groups that are mapped to this specified role within this application.
Related concepts
Assembly tools
Related tasks
Assigning users and groups to roles
Related Reference
User RunAs collection
Reference topic