IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

Controlling access to data and resources in the web user interface

Broker administrators can control web users' access to data and broker resources by assigning permissions to users based on their role.

Before you start:

Broker administrators can restrict web users' access to data and broker resources only if administration security is enabled. If administration security is disabled, web users can interact with the web UI without logging on, which means that they access the web UI as the 'default' user and have access to all data and broker resources.

As a broker administrator, you can restrict users' access by setting permissions on authorization queues. For example, you can ensure that data technicians see only their profile and the Data viewer in the web UI, by granting them read (+inq) authority on the SYSTEM.BROKER.DC.AUTH queue, and no permissions on the SYSTEM.BROKER.AUTH queue.

Web users with no permissions on the SYSTEM.BROKER.AUTH queue, but with read (+inq) authority on the SYSTEM.BROKER.DC.AUTH queue, are able to view and download recorded messages. Web users with no permissions on the SYSTEM.BROKER.AUTH queue, but with read (+inq) and execute (+set) authority on the SYSTEM.BROKER.DC.AUTH queue, are able to view, download, and replay recorded messages.

With administration security enabled, REST users can view only the URIs for which they are authorized. For example, a user with no permissions on the SYSTEM.BROKER.AUTH queue, but with read (+inq) authority on the SYSTEM.BROKER.DC.AUTH queue, can request information about messages recorded under a DataCaptureStore, whereas a user with read and execute (+inq and +set) authority on the SYSTEM.BROKER.DC.AUTH queue can view and replay messages. If administration security is disabled, all REST requests are unrestricted.
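The mapping described above can be checked during an access review. The following is an added example, not IBM's code: it parses a constructed sample written in the style of `dspmqaut` output (the exact output format is an assumption) and reports, for each entity, the web UI access that this page associates with its authorities on the two queues. The entity names and the result labels are hypothetical.

```python
import re

# Queue names come from the page; everything else here is illustrative.
ADMIN_Q = "SYSTEM.BROKER.AUTH"
DATA_Q = "SYSTEM.BROKER.DC.AUTH"

# Constructed sample in the style of dspmqaut output (format assumed, not captured).
SAMPLE = """\
Entity datatech has the following authorizations for object SYSTEM.BROKER.AUTH:
Entity datatech has the following authorizations for object SYSTEM.BROKER.DC.AUTH:
        inq
Entity replayer has the following authorizations for object SYSTEM.BROKER.AUTH:
Entity replayer has the following authorizations for object SYSTEM.BROKER.DC.AUTH:
        inq
        set
Entity ops has the following authorizations for object SYSTEM.BROKER.AUTH:
        inq
Entity ops has the following authorizations for object SYSTEM.BROKER.DC.AUTH:
        inq
Entity odd has the following authorizations for object SYSTEM.BROKER.DC.AUTH:
        set
"""

HEADER = re.compile(r"^Entity (\S+) has the following authorizations for object (\S+):$")

def parse_authorities(text):
    """Return {entity: {queue: set(authorities)}} from dspmqaut-style text."""
    grants, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = grants.setdefault(m.group(1), {}).setdefault(m.group(2), set())
        elif line.strip() and current is not None:
            current.add(line.strip().lower())
    return grants

def web_access(queues):
    """Map one entity's queue authorities to the web UI access the page describes."""
    if queues.get(ADMIN_Q):
        return "broker-authority-present"  # not the restricted data-viewer profile
    data = queues.get(DATA_Q, set())
    if {"inq", "set"} <= data:
        return "view-download-replay"
    if "inq" in data:
        return "view-download"
    return "review"  # nothing granted, or a combination the page does not describe

def audit(text):
    return {entity: web_access(q) for entity, q in parse_authorities(text).items()}
```

Entities reported as `broker-authority-present` or `review` are the ones to inspect by hand, because the page only defines the outcome when no permissions are held on SYSTEM.BROKER.AUTH.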

Note: A check is made on all SYSTEM.BROKER.AUTH queues to establish the permissions that the user has. As a result of this check, AMQ8077 messages might be seen.

Broker administrators can also allow web users to start and stop integration servers, applications, and message flows from the web user interface, by granting permissions to the roles that are associated with the users.

For more information about role-based access, see Role-based security and Managing web user accounts.


bn28470_.htm | Last updated Friday, 21 July 2017