Adding users and groups in the bus connector role

Service integration bus security uses role-based authorization. By adding users and groups to the bus connector role for a secured bus, you can control which users and group members have access to the bus and its resources.

Before you begin

Ensure that security is enabled for the bus.
The users and groups that you want to add to the bus connector role must exist already in the user repository.

About this task

Adding users and groups to the bus connector role enables them to connect to the bus to carry out messaging operations. You can add a user directly to the bus connector role, or indirectly by adding a group to which the user belongs. You can also add special groups of users. There are three special groups:

Server: The server identity is a WebSphere® Application Server . You cannot specify the Server group for a JMS message-driven bean (MDB).
All Authenticated: This group comprises all user identities that authenticate successfully to the bus.
Everyone: The user identities in this group are anonymous, and connect to the bus without security authentication.

Tips:

If the user registry is an LDAP registry, you must use the group distinguished name (DN) when you specify a group name to add to a bus connector role. Using the common name (CN) causes problems in security authorization. For more information, refer to Service integration bus security: Troubleshooting tips and Standalone Lightweight Directory Access Protocol registries.
If you attempt to add a user or a group that is already a member of the bus connector role, a warning message is displayed.

In this task you use an administrative console wizard to add groups and users to the bus connector role for a selected local bus.

Procedure

Log into the administrative console.
Click Service integration -> Buses -> security_value -> [Authorization Policy] Users and groups in the bus connector role.
A list of the users and groups already in the bus connector role for the selected bus is displayed. By default, the list is empty for a new bus.
Click New to start the Security Resource Wizard.
Choose whether you want to add groups or users:
- If you want to add a special group, select The built-in special groups option.
- If you want to add other groups or users in the user repository, select the appropriate option, and complete the following mandatory fields:
  
  Search pattern
  
  Specify a string to match against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. You can specify wildcard characters.
  
  Maximum number of search results to display
  
  Specify the maximum number of user IDs or group names to display.
Click Next to display a list of groups or users.
Select the names of the groups or users you want to add to the bus connector role, and click Next.
Click Finish to confirm you choices.
Save your changes to the master configuration.

Results

The selected users and groups are added to the bus connector role for the selected bus.