You have two choices when assigning roles: WebSphere Application
Server authorization, which uses the Security role to user/group
mapping panel of the administrative console, or system authorization
facility (SAF) role-based authorization, which uses SAF authorization
for Java 2 Platform, Enterprise Edition (J2EE) roles. This topic
describes only the first choice: using the Security role to user/group
mapping panel of the administrative console (WebSphere Application
Server authorization for J2EE roles) to assign users and groups to
roles.
About this task
These steps are common for both installing an
application and modifying an existing application. If the application
contains roles, you see the Security role to user/group mapping link
during application installation and also during application management,
as a link in the Additional properties section.
What to do next
This task is required to assign users and groups to roles,
which enables the correct users and groups to access a secured application.
If you are installing an application, complete your installation.
After the application is installed and running, you can access your
resources according to the user and group mapping that you did in
this task. If you manage applications and modify the user and group
to role mapping, make sure that you save, stop, and restart the
application so that the changes become effective. Try accessing the
J2EE resources in the application to verify that the changes are effective.
Note: Depending upon how your active user registry is configured,
the search results of security user or group role mappings are displayed
in different formats. With a federated repository, LDAP, file-based,
and custom registries can be used. WebSphere Application Server can
uniquely identify users from various registries by the user names
listed in the table.
Attention: In a distributed environment,
when you install WebSphere Application Server with samples, enable
security using federated repositories, and start the server1 server
with sample applications, the server might create exceptions. However,
the server starts successfully. The deployment manager did not create
user and group samples when it created the deployment manager profile.
To resolve exceptions caused by the samples failing to load, create
your own sample users and groups. In the administrative console, do
the following:
- Click Users and Groups > Manage Users.
- Create the samples user and the sampadmn group.
  The samples user is a member of the sampadmn group.
For more assistance, refer to the "Managing users" help topic
by clicking More information about this page at the top right
of the Manage Users panel.