Use
You can map users or groups to a security role. Security roles management enables you to apply security constraints over these security roles and, in this way, to manage the permissions of the users and groups that are mapped. You can apply different security constraints:
· Over the different resources on the server.
· Over the domains on an application that requires zones with more specific security permissions.
The users and groups that are mapped to a security role gain the same security rights as those applied over the security role itself.
In the case of the default security role administrator that contains the default user Administrator – the Administrator has permissions to manage all the resources on the J2EE Engine, since its role has permissions to perform all administrative functions.
Procedure
...
In the Security Provider Service, choose the Runtime ® Policy Configurations ® Security Roles tab. Then choose the Switch to edit mode button in the upper left-hand part of the screen.
Action | Procedure |
Create a new security role | ... 1. Select a component to which the security role will be applied from Components. 2. On the Security Roles tab page, choose Add. 3. In the Add Security Role dialog, specify the name of the new role and its description. The description is displayed each time a user selects the role, and allows the others users to understand the purpose of the role you create. 4. Choose OK. |
Create a role reference | ... 1. Select the role from which you want to create a reference to another role. 2. Choose the Role Reference button. 3. Select a role to map to from the right-hand side Security Roles list. 4. Choose Save. Your new role reference is mapped to the selected security role. We recommend that instead of creating a new security role, you use a role reference to an existing security role that has already been configured, which corresponds to the mappings you need. If you have an application and a resource in the application to which you want to apply security restrictions, you can create a role reference to the administrators security role. Now create a new security role named application_role. Specify a reference from the application_role to the administrators role. When you save the role, the users mapped to the administrators role will have access to the resource that is mapped to the application_role. The benefit for you is that if a user or a group is removed from the administrators group, you will not have to make any changes to the application_role, since you only reference the corresponding administrators role. This enables you to keep the security configuration stable. |
Apply run-as-identity for a user | Select the role to mark as run-as-identity and choose Change. |
Remove a security role | ... Select the role from the Security Roles list and choose Remove. |