Console users settings and CORBA naming service user settings

Use the Console users settings page to give users specific authority to administer application servers through tools such as the administrative console or wsadmin scripting. The authority requirements are only effective when global security is enabled. Use the Common Object Request Broker Architecture (CORBA) naming service users settings page to manage CORBA naming service users settings.

To view the Console Groups administrative console page, click System administration > Console settings > Console Groups.

To view the CORBA naming service groups administrative console page, click Environment > Naming > CORBA Naming Service Groups.

User (Console users)

Specifies users.

The users that are entered must exist in the configured active user registry.

Data type: String

User (CORBA naming service users)

Specifies CORBA naming service users.

The users that are entered must exist in the configured active user registry.

Data type: String

Role (Console users)

Specifies user roles.

The following administrative roles provide different degrees of authority that are needed to perform certain application server administrative functions:
Administrator
The administrator role has operator permissions, configurator permissions, and the permission that is required to access sensitive data including server password, Lightweight Third Party Authentication (LTPA) password and keys, and so on.
Operator
The operator role has monitor permissions and can change the run-time state. For example, the operator can start or stop services.
Configurator
The configurator role has monitor permissions and can change the WebSphere Application Server configuration.
Monitor
The monitor role has the least permissions. This role primarily confines the user to viewing the application server configuration and current state.
Data type: String
Range: Administrator, Configurator, Operator, and Monitor

Role (CORBA naming service users)

Specifies naming service user roles.

A number of naming roles are defined to provide degrees of authority that are needed to perform certain application server naming service functions. The authorization policy is only enforced when global security is enabled. The following roles are valid: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete.

The roles now have authority levels from low to high:
CosNamingRead
You can query the application server name space by using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The EVERYONE special-subject is the default policy for this role.
CosNamingWrite
You can perform write operations such as JNDI bind, rebind, or unbind, plus CosNamingRead operations.
CosNamingCreate
You can create new objects in the name space through operations such as JNDI createSubcontext, plus CosNamingWrite operations.
CosNamingDelete
You can destroy objects in the name space, for example by using the JNDI destroySubcontext method, plus CosNamingCreate operations.
Data type: String
Range: CosNamingRead, CosNamingWrite, CosNamingCreate and CosNamingDelete
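
The following least-privilege check over the console and naming roles described above is an added example, not IBM code or a WebSphere API. The permission labels, the sample subjects, and the assumption that one subject may hold several roles are hypothetical.

```python
from itertools import combinations

# Permission sets derived from the role descriptions on this page.
# The permission labels are hypothetical names chosen for this example.
ADMIN_ROLES = {
    "Monitor": {"view"},
    "Operator": {"view", "runtime"},
    "Configurator": {"view", "config"},
    "Administrator": {"view", "runtime", "config", "sensitive"},
}
NAMING_ROLES = {
    "CosNamingRead": {"read"},
    "CosNamingWrite": {"read", "write"},
    "CosNamingCreate": {"read", "write", "create"},
    "CosNamingDelete": {"read", "write", "create", "delete"},
}

def effective(roles, held):
    """Union of the permissions granted by every role a subject holds."""
    return set().union(*(roles[r] for r in held))

def least_roles(roles, needed):
    """Role combination covering `needed` with the fewest permissions, or None."""
    best = None
    for n in range(1, len(roles) + 1):
        for combo in combinations(sorted(roles), n):
            perms = effective(roles, combo)
            if needed <= perms and (best is None or len(perms) < len(best[1])):
                best = (combo, perms)
    return best[0] if best else None

def audit(roles, assigned, needs):
    """Map each over-privileged subject to (suggested roles, excess permissions)."""
    findings = {}
    for subject, held in assigned.items():
        suggested = least_roles(roles, needs[subject])
        if suggested is None:
            continue  # need cannot be expressed with these roles; review by hand
        excess = effective(roles, held) - effective(roles, suggested)
        if excess:
            findings[subject] = (suggested, sorted(excess))
    return findings

# Constructed sample mappings, not exported from a real cell.
CONSOLE_ASSIGNED = {"alice": {"Administrator"}, "bob": {"Administrator"}, "carol": {"Operator"}}
CONSOLE_NEEDS = {"alice": {"runtime", "config"}, "bob": {"view"}, "carol": {"runtime"}}
NAMING_ASSIGNED = {"EVERYONE": {"CosNamingWrite"}, "deployer": {"CosNamingDelete"}}
NAMING_NEEDS = {"EVERYONE": {"read"}, "deployer": {"create", "delete"}}

if __name__ == "__main__":
    print(audit(ADMIN_ROLES, CONSOLE_ASSIGNED, CONSOLE_NEEDS))
    print(audit(NAMING_ROLES, NAMING_ASSIGNED, NAMING_NEEDS))
```

In the sample, alice needs both run-time and configuration changes, and the check suggests Operator plus Configurator because Administrator would add access to sensitive data such as the LTPA keys.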




Last updated: Sep 20, 2010 9:00:59 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-dist&topic=usecconuser
File name: usec_conuser.html