Look up users

Use this page to select and to map users, groups and special subjects for security roles.

To view this administrative console page, complete the following steps:

Click Applications > Application types > WebSphere enterprise applications > application_name.
Under Detail Properties, click Security role to user/group mapping.
Select the role and click either Map users..., Map groups... or Map Special Subjects.

Note: Once you click OK after making any changes, you must also click OK on the previous panel for the changes to be accepted.

Different roles can have different security authorizations. Mapping users or groups to a role authorizes those users or groups to access applications defined by the role. Users and groups are associated with roles defined in an application when the application is installed or configured. Use the Search pattern field to display users in the Available list. Click >> to add users from the Available list to the Selected list.

Map users...

Lists the users that are mapped to the specified role within this application.

Map groups...

Lists the groups that are mapped to this specified role within this application.

Map Special Subjects

This choice appears if multiple realms are being used. It enables you to map any of the following to selected roles:

All authenticated users that are in the applications's realm, which specifies whether to map all of the authenticated users to a specified role. When you map all authenticated users to a specified role, all of the valid users in the current registry who have been authenticated can access resources that are protected by this role.
All authenticated users regardless of the realm.
Everyone, which specifies whether to map everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
All users in the trusted realms.
If trusted realms are configured, a drop-down list of realms to search is displayed. Users from the non-default realm are displayed as user@realm.

Note: If the secured realm cannot be reached, the list is replaced with 3 text fields (that is, name, realm, and uid). You can add the user when the secured realm is not available.

It is not possible to map two subjects to the same role in this release of WebSphere® Application Server.

Limit

Specifies the maximum number of users or groups that can be returned when assigning users/groups to roles.

A value of 0 implies a return of all users or groups that match the pattern. You can either increase the limit or refine the search pattern to get all the entries.

Information	Value
Data type	Integer
Units	User name
Default	20
Range	0 or more

Search string

Indicates the search pattern used to search for the entries in a user registry.

The Search string field contains the search pattern that is used to search for the user or group entries. For example, bob* will search all users or groups starting with bob. A limit of zero (0) retrieves all of the entries that match the pattern. Use a limit of zero (0) only when a small number users or groups match that pattern in the user registry. If the user registry contains more entries that match the pattern than requested for, a message shows in the administrative console to indicate that there are more entries in the user registry.

Information	Value
Data type	String
Units	Number of users
Default	20
Range	A-Z with *