Configuring access control

WebSphere® Service Registry and Repository (WSRR) makes use of role based access control for J2EE roles and for access control policies at a fine grained level. Both these depend on defining roles based on principals drawn from a user registry such as LDAP or the underlying operating system.

Before you begin

Note: If you create a WSRR access control role called Administrator, this might cause confusion with the J2EE Administrator role, for example, a user in the J2EE Administrator role can access the Web UI Configuration perspective, whereas a user in the WSRR Administrator access control role, but not in the J2EE Administrator role, cannot.
  • Considerations for customizing access control
    By default, WSRR supports coarse grained access control; this means that users can perform operations on all entities in WSRR. Most organizations will want to enforce finer grained access control, allowing only specific groups of users to change services.
  • User registry support
    WSRR relies on the user registry integration provided by WebSphere Application Server to integrate with user registries.
  • J2EE role mappings
    WSRR defines J2EE roles that must be mapped to user or group principals.
  • Defining WSRR fine grained access control
    WSRR provides fine grained access control by using an enhanced JACC provider that is based on XACML.
Parent topic: Configuring and customizing