Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure Service integration > Secure service integration > Administer authorization permissions > Administer topic roles

Add users and groups to topic roles

Service integration bus security uses role-based authorization. When messaging security, and topic level authorization is enabled, users and groups must be authorized to access topics in a publish/subscribe topic hierarchy. By adding users and groups to topic roles, you control access to a topic in a selected topic space.

• The users and groups to add to topic space root roles must exist in the user repository.

• Topic roles are effective only when the Topic Access Check Required setting is enabled in the configuration for a topic space. See Configure bus destination properties.

Topics are organized into one or more hierarchies within a topic space. If the Topic Access Check Required setting is enabled for the topic space, a user must have authorization to access the topic itself. We can add access roles to a topic before it is created at runtime. A topic inherits access roles from its parent unless you explicitly block the inheritance. See Enable topic role inheritance.

In this task you use an admin console wizard to add users or groups to the sender and receiver roles for a selected topic.

Procedure

1. Log into the admin console.

2. Click Service integration -> Buses -> security_value -> [Authorization Policy] Manage topic access roles -> topic_space_name > topic_name . The Topic space root panel lists the users and groups that are assigned to role types for the selected topic.

3. Click Add to start the Security wizard:
   1. Provide the following information to enable the wizard to identify the users or groups to add to role types for the selected topic:
      Resource
      Specify the name of the topic.
      Users or Groups
      Select either Users or Groups to specify whether to grant access roles to users or groups.
      Search pattern
      This field is mandatory. Specify a search string that is matched against user IDs or group names in the user repository. Only user IDs or group names that match the search pattern are retrieved, subject to the maximum number of search results. Wild card characters are allowed.
      Maximum number of search results to display
      This field is mandatory. Specify the maximum number of user IDs or group names you want the admin console to display.
   2. Click Next. The wizard lists the users IDs or group names that match the information that providedd in the previous step.

   3. Select the check boxes for the user IDs or group names to assign to roles for the selected topic.

   4. Click Next. The wizard lists the topic role types that you can assign for the users or groups you selected in the previous step. Role types might already have been assigned for a specific user or group.

   5. Select the role types for each of the selected users or groups. For example, to assign a user ID to the sender role, select the Sender icon for that user ID. The icon changes from to to show that we have added the user or group to the access role for the resource.

   6. Click Next. A summary of your role type assignments for the selected topic is displayed.

   7. To change your assignments, click Previous to return to the Select role types step. Make changes to your assignments, and click Next to return to the Confirm step.

   8. Click Finish to confirm your assignments and save changes to the master configuration.

Results

The updated role type assignments for the selected users or groups are displayed in the Topic access roles panel.
Messaging security
Topic security
Role-based authorization

Related

Access role assignments for bus security resources
addGroupToTopicRole command
addUserToTopicRole command
Topic [Settings]

+

Search Tips   |   Advanced Search