Service integration bus security uses role-based authorization.
When messaging security is enabled, users and groups require authority to
send and receive messages from the topic space root in a publish/subscribe
topic hierarchy. By adding users and groups to topic space root roles, you
control access to the root topic in a selected topic space.
Before you begin
- The users and groups you want to add to topic space root roles must exist
in the user repository.
- Topic space root roles are effective only when the Topic Access
Check Required setting is enabled in the configuration for a topic
space. For more information, see Configuring bus destination
properties.
About this task
Topic space root (/) is the highest level topic in a publish/subscribe
topic hierarchy. The hierarchy itself is called the topic space. Note that
this task applies only to the topic space root; it does not apply to adding
users and groups to topics or a topic space. For information about adding
users and groups to topic access roles, see Adding users and groups to
topic roles. For information about adding users and groups to topic space
access roles, see Adding users and groups to destination roles.
You can add users and groups to the sender and receiver roles for the topic
space root. The topic space root can also inherit access in the sender and
receiver roles from the topic space, provided that the topic space is
configured to inherit the default destination roles. For more information
about topic inheritance, see Topic security.
By default, a topic space does not contain a root topic. In this task you use
an administrative console wizard to add a root topic to an existing topic
space, retrieve the users and groups from the user repository that you want
to assign to roles on the new root topic, and add them to the root topic.
Procedure
- Log in to the administrative console.
- Click .
The Topic spaces panel lists the topic spaces defined
on the selected bus.
- Select the name of the topic space where you want to add a new
root topic.
The Topics panel displays the
selected topic space in a collapsible section.
- Click Add to start the Security wizard:
- Identify the users or groups that you want to add to the sender
and receiver roles for the new root topic:
- Users or Groups
- Select either Users or Groups to
specify whether you want to grant roles to users or groups.
- Search pattern
- This field is mandatory. Specify a search string that is matched against
user IDs or group names in the user repository. Only user IDs or group names
that match the search pattern are retrieved, subject to the maximum number
of search results. You can use wildcard characters in the search string.
- Maximum number of search results to display
- This field is mandatory. Specify the maximum number of user IDs or group
names that you want the administrative console to display.
- Click Next.
The wizard displays the new root topic, and lists the user IDs or group
names in the user repository that match the information that you provided
in the previous step.
- Select the check boxes next to the user IDs or group names that
you want to assign to roles on the new root topic.
- Click Next.
The wizard displays
the topic role types that you can assign for the users or groups you selected
in the previous step. Role types might already have been assigned for a specific
user or group.
- Select the role types for the selected users or groups.
For example, to assign a user to the sender role, select the
Sender icon for the appropriate user ID.
The icon changes from to to show that you have added the user or group to the access role for the resource.
- Click Next.
A summary of
your role type assignments for the root topic is displayed.
- Optional: If you want to change your assignments,
click Previous to return to the Select role
types page, change your assignments, and then click Next.
- Click Finish to confirm your assignments.
The role type assignments are saved to the master configuration, and
the new assignments are displayed in the Topics panel.
- Save your changes to the master configuration.
Results
The selected users and groups are added to topic space root roles
for the new root topic. The Manage access roles panel
displays the new access role assignments.
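Sender and receiver grants on a topic space root can also be made from a wsadmin script, which keeps the assignments reviewable and repeatable. The following Jython script is an added example, not part of the original documentation; it uses the addUserToTopicSpaceRootRole and addGroupToTopicSpaceRootRole AdminTask commands, and the bus name, topic space name, user and group names, and the name allow-list are constructed for illustration.

```python
# Added example for wsadmin -lang jython; also importable under plain Python.
import re

ROLES = ("Sender", "Receiver")
COMMANDS = {"user": "addUserToTopicSpaceRootRole",
            "group": "addGroupToTopicSpaceRootRole"}
# Constructed policy (assumption): a conservative character set so that a name
# cannot add extra parameters to the bracketed wsadmin argument string.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.@-]+$")


def build_args(bus, topic_space, role, kind, name):
    """Validate one grant and return (AdminTask command, argument string)."""
    if role not in ROLES:
        raise ValueError("role must be Sender or Receiver: %r" % (role,))
    if kind not in COMMANDS:
        raise ValueError("kind must be user or group: %r" % (kind,))
    for value in (bus, topic_space, name):
        if not SAFE_NAME.match(value):
            raise ValueError("unsafe value in grant: %r" % (value,))
    args = "[-bus %s -topicSpace %s -role %s -%s %s]" % (
        bus, topic_space, role, kind, name)
    return COMMANDS[kind], args


def apply_grants(admin_task, admin_config, bus, topic_space, grants):
    """Validate every grant first, then apply them all and save once."""
    planned = [build_args(bus, topic_space, r, k, n) for (k, n, r) in grants]
    for command, args in planned:
        if command == "addUserToTopicSpaceRootRole":
            admin_task.addUserToTopicSpaceRootRole(args)
        else:
            admin_task.addGroupToTopicSpaceRootRole(args)
    admin_config.save()  # save the changes to the master configuration
    return planned


# Constructed sample grants: (kind, name, role).
GRANTS = [("user", "publisher1", "Sender"),
          ("group", "subscribers", "Receiver")]

# Assumption: wsadmin places AdminTask and AdminConfig in the script's globals.
if "AdminTask" in globals():
    apply_grants(AdminTask, AdminConfig, "Bus1", "Default.Topic.Space", GRANTS)
```

Because every grant is validated before the first command runs, a malformed entry stops the script without leaving a partial set of role assignments.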