Service integration bus security uses role-based authorization.
When messaging security is enabled, users and groups require authority to
send messages from a secured local bus destination to a secured foreign bus.
By adding selected users and groups to the sender role for a selected foreign
bus, you can control who has authority to send messages to the selected foreign
bus.
Before you begin
This task assumes that the following conditions have been met:
- One or more foreign bus connections have been configured for the local
bus. For more information, see Configuring foreign bus connections.
- The users and groups that you want to add to foreign bus roles must exist
in the user repository.
About this task
By default, when security is enabled, users and groups cannot
send messages to a foreign bus. You must add them to the sender role for
the foreign bus. In this task you use an administrative console wizard to
select one or more foreign buses, retrieve selected users or groups from the
potentially very large number of users and groups in the user repository,
and add them to the sender role for the selected foreign buses.
Procedure
- Start the administrative console.
- Click .
A list of the foreign buses defined for the selected bus is displayed
in the Foreign buses panel.
- Select one or more foreign buses to work with:
- Click a single foreign bus name.
- Select the check boxes next to multiple foreign bus names, and then
click Manage Access Roles.
The Foreign bus access roles panel is displayed.
The access roles information for each foreign bus you have selected is displayed
in a collapsed section.
- Expand a foreign bus header to list the users and groups that have
been assigned to roles for this foreign bus.
You can verify that
the user or group you want to add does not already have a role for this foreign
bus.
- Click Add to start the Security wizard.
The wizard takes you through the following steps to add selected users
or groups to the sender role for the selected foreign bus:
- Search for the users or groups that you want to add to the sender
role for the expanded foreign bus:
- Users or Groups
- Select either Users or Groups to
specify whether you want to grant access roles to users or groups.
- Search pattern
- This field is mandatory. Specify a search string that is matched against
user IDs or group names in the user repository. Only user IDs or group names
that match the search pattern are retrieved, subject to the maximum number
of search results. Wildcard characters are allowed.
- Maximum number of search results to display
- This field is mandatory. Specify the maximum number of user IDs or group
names you want the administrative console to display.
- Click Next.
The wizard displays
the users or groups in the user repository that match the information that
you provided in the previous step.
- Select the check boxes next to the user IDs or group names that
you want to add to the sender role for the currently expanded foreign bus,
and click Next.
A list of user IDs or group
names that you can add to the sender role is displayed. Note that some users
or groups might already be assigned to the sender role for this foreign bus.
- Select the Sender icon for a user ID
or group name that you want to add to the sender role.
The icon changes to show that you have added the user or group to the access role for the resource.
- Repeat the previous step for each user or group you want to
add to the sender role, and then click Next.
A summary of your role assignments is displayed.
- Optional: Click Previous to
review and change your assignments, if required.
- Click Finish to confirm your assignments.
- Save your changes to the master configuration.
Results
The selected users and groups are added to the sender role for the
selected foreign bus. The new access roles are displayed in the Foreign
bus access roles panel.
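The same assignment can be scripted instead of clicked through. The following is an added example, not part of the original page or IBM's own code. It assumes the wsadmin AdminTask commands listUsersInForeignBusRole, listGroupsInForeignBusRole, addUserToForeignBusRole and addGroupToForeignBusRole, that list results come back as one newline-separated string, and constructed bus, user and group names.

```python
# Added example. Under "wsadmin -lang jython" the AdminTask object is supplied
# by wsadmin; offline, pass any object that offers the same four methods.
# Names containing spaces would need quoting and are not handled here.

def _members(raw):
    # Assumption: wsadmin returns list results as a newline-separated string.
    return [m.strip() for m in raw.splitlines() if m.strip()]

def grant_sender(admin_task, bus, foreign_bus, users=(), groups=()):
    """Add principals to the Sender role of one foreign bus, skipping any
    that already hold it. Returns the names that were newly added."""
    scope = "-bus %s -foreignBus %s -role Sender" % (bus, foreign_bus)
    have_users = _members(admin_task.listUsersInForeignBusRole("[%s]" % scope))
    have_groups = _members(admin_task.listGroupsInForeignBusRole("[%s]" % scope))
    added = []
    for user in users:
        # Mirrors the wizard step of checking who already has the role.
        if user not in have_users:
            admin_task.addUserToForeignBusRole("[%s -user %s]" % (scope, user))
            added.append(user)
    for group in groups:
        if group not in have_groups:
            admin_task.addGroupToForeignBusRole("[%s -group %s]" % (scope, group))
            added.append(group)
    return added

# Inside wsadmin (constructed names):
#   grant_sender(AdminTask, "LocalBus", "PartnerBus", users=["orders_svc"])
#   AdminConfig.save()   # saves the changes to the master configuration
```

The returned list is a record of what changed, which is useful to keep for access reviews of who can send across the bus boundary.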
What to do next
Use the administrative console to complete other security administrative
tasks.