naming service user settings
Use the Administrative User Roles page to give users specific authority to administer appservers through tools such as the admin console or wsadmin scripting. The authority requirements are only effective when global security is enabled. Use the Common Object Request Broker Architecture (CORBA) naming service users settings page to manage CORBA naming service users settings.
To view the Console Users admin console page, complete either of the following steps:
- Click Security > Global security > Administrative User Roles.
- Click Users and Groups > Administrative User Roles.
To view the CORBA naming service groups admin console page, click Environment > Naming > CORBA Naming Service Groups.
- User (Administrative user roles)
Specifies users.
The users that are entered must exist in the configured active user registry.
Data type: String
- User (CORBA naming service users)
Specifies CORBA naming service users.
The users that are entered must exist in the configured active user registry.
Data type: String
- Role (Administrative user roles)
Specifies user roles.
The following admin roles provide different degrees of authority that are needed to perform certain appserver admin functions:
- Administrator
- The administrator role has operator permissions, configurator permissions, and the permission that is required to access sensitive data including server password, LTPA password and keys, and so on.
- Operator
- The operator role has monitor permissions and can change the run-time state. For example, the operator can start or stop services.
- Configurator
- The configurator role has monitor permissions and can change the WAS configuration.
- Deployer
- The deployer role can complete both configuration actions and run-time operations on applications.
- Monitor
- The monitor role has the least permissions. This role primarily confines the user to viewing the appserver configuration and current state.
- adminsecuritymanager
- The adminsecuritymanager role has privileges for managing users and groups from within the admin console and determines who has access to modify users and groups using admin role mapping. Only the adminsecuritymanager role can map users and groups to admin roles, and by default, AdminId is granted to the adminsecuritymanager.
- iscadmins
- The iscadmins role has administrator privileges for managing users and groups from within the admin console only.
To manage users and groups, click Users and Groups Click either Manage Users or Manage Groups.
Data type: String Range: Administrator, Operator, Configurator, Deployer, Monitor, and iscadmins
Other arbitrary admin roles might also be visible in the admin console collection table. Other contributors to the console might create these additional roles, which can be used for applications that are deployed to the console.
- Role (CORBA naming service users)
Specifies naming service user roles.
A number of naming roles are defined to provide degrees of authority that are needed to perform certain appserver naming service functions. The authorization policy is only enforced when global security is enabled.
The following roles are valid: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete.
The roles now have authority levels from low to high:
- CosNamingRead
- We can query the appserver name space by using, for example, the JNDI lookup method. The EVERYONE special-subject is the default policy for this role.
- CosNamingWrite
- We can perform write operations such as JNDI bind, rebind, or unbind, plus CosNamingRead operations.
- CosNamingCreate
- We can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations.
- CosNamingDelete
- We can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations.
Data type: String Range: CosNamingRead, CosNamingWrite, CosNamingCreate and CosNamingDelete
- Login status (Administrative user roles)
Whether the user is active or inactive.
Related tasks
Authorizing access to admin roles
Related
Administrative console buttons
Administrative console page features
Administrative console scope settings
Administrative console preference settings
migrateEAR utility for TAM