IBM Business Process Manager application Java EE roles

IBM® Business Process Manager application Java EE roles are application-defined logical constructs, which are bound to specific principals at deployment time. A principal can be a user or a group.

By default, IBM Business Process Manager maps many of the Java EE roles to All Authenticated users. If your IBM Business Process Manager system is only accessed by a subset of users, for example, from your corporate LDAP, you should create a group that contains all relevant IBM Business Process Manager users and assign this group to the roles that are set to All Authenticated users.

Unlike IBM Business Process Manager security roles, Java EE roles contain a set of permissions that are specified as constraints. These permissions provide the user or group access to a particular method, bean, or URLs. Role-based authorization in Java EE can be defined by using:
  • Declarative authorization, which is configured in the web.xml and ejb-jar.xml files.
  • Programmatic authorization, which uses of the standard Java EE application programming interface.
Parent topic: Reference information for IBM Business Process Manager