+

Search Tips   |   Advanced Search

Mapping users to RunAs roles using an assembly tool


RunAs roles are used for delegation. A servlet or enterprise bean component uses the RunAs role to invoke another enterprise bean by impersonating that role.

Before you perform this task:

This procedure might not match the steps that are required when using the assembly tool, or match the version of the assembly tool that we are using. You should follow the instructions for the tool and version that we are using.

To define RunAs roles when a servlet or an enterprise bean in an application is configured with RunAs settings, perform these steps:

 

  1. In the Project Explorer view of an assembly tool, right-click an enterprise application project or EAR file and click Open With > Deployment Descriptor Editor. An application deployment descriptor editor opens on the EAR file. To access information about the editor, press F1 and click Application deployment descriptor editor.

  2. On the Security tab, under Security Role Run As Bindings, click Add.

  3. Click Add under RunAs Bindings.

  4. In the Security Role wizard, select one or more roles and click Finish.

  5. Repeat steps 3 through 5 for all the RunAs roles in the application.

  6. Close the application deployment descriptor editor and, when prompted, click Yes to save the changes.

 

Results

The ibm-application-bnd.xmi file in the application contains the user to RunAs role mapping table.

 

Next steps

After securing an application, we can install the application using the admin console. We can change the RunAs role mappings of an installed application. For more information, see User RunAs collection.

 

Related concepts


Role-based authorization
Delegations

 

Related tasks


Assigning users to RunAs roles

 

Related


User RunAs collection
Security: Links