Providing security

Virtual member manager provides role-based security for both changing the configuration and using the runtime APIs.

Configuration security

The virtual member manager configuration can be changed from the WebSphere Administrative Console, with the wsadmin commands, and through scripting. Only a user assigned the WebSphere Application Server Administrator role can change the configuration from the console or by using the commands. The wsadmin commands can also be used in local mode during WebSphere Application Server installation.

Runtime security

During runtime operations, by default, virtual member manager supports only two roles:
WebSphere Application Server Administrator
A user who authenticates as the WebSphere Application Server Administrator may perform any virtual member manager function against any virtual member manager object.
Account Owner role
The Account Owner role is specific to virtual member manager and is not a J2EE role. If the authenticated user is the owner of the registry object, the user is programmatically assigned the Account Owner role. The authenticated user can change only their own password and search only on their own entry. The user is not authorized to make any other modifications, nor can the user search, view, create, or delete any objects in the repositories.
Account-Owner-Role
	SEARCH Entity/RolePlayer/Party/LoginAccount/*
	UPDATE Entity/RolePlayer/Party/LoginAccount/*
	WRITE Entity/RolePlayer/Party/LoginAccount/* sensitive
	READ Entity/RolePlayer/Party/LoginAccount/* unchecked
	WRITE Entity/RolePlayer/Party/LoginAccount/* unchecked

All Authenticated Users
	Account-Owner-Role {Condition: OWNERSHIP == true}
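
The default policy above can be read as a default-deny rule set. The following added example (not IBM or virtual member manager code) parses the listing and evaluates requests against it. The function names, the glob matching of the type path, and the reading of the third token (sensitive, unchecked) as an attribute group label are assumptions.

```python
# Added illustration, not virtual member manager code. Function names are hypothetical.
from fnmatch import fnmatchcase

# The default runtime policy listing from this page, embedded verbatim.
POLICY_TEXT = """\
Account-Owner-Role
\tSEARCH Entity/RolePlayer/Party/LoginAccount/*
\tUPDATE Entity/RolePlayer/Party/LoginAccount/*
\tWRITE Entity/RolePlayer/Party/LoginAccount/* sensitive
\tREAD Entity/RolePlayer/Party/LoginAccount/* unchecked
\tWRITE Entity/RolePlayer/Party/LoginAccount/* unchecked

All Authenticated Users
\tAccount-Owner-Role {Condition: OWNERSHIP == true}
"""

def parse_policy(text):
    """Return {section header: [entry lines]} from the indented listing."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":          # indented: entry of the current section
            sections[current].append(line.strip())
        else:                         # unindented: new section header
            current = line.strip()
            sections[current] = []
    return sections

def is_allowed(policy, caller, is_admin, action, entity_type, owner, attr_group=None):
    """Decide one request. Assumed semantics: glob match on the type path,
    exact match on the optional third token (treated as an attribute group)."""
    if is_admin:
        return True                   # Administrator: any function, any object
    if caller is None:
        return False                  # the role map covers authenticated users only
    for entry in policy["All Authenticated Users"]:
        role, _, condition = entry.partition(" ")
        if "OWNERSHIP == true" in condition and caller != owner:
            continue                  # role is granted only on the caller's own object
        for grant in policy[role]:
            g_action, g_type, *g_group = grant.split()
            if (g_action == action and fnmatchcase(entity_type, g_type)
                    and (g_group[0] if g_group else None) == attr_group):
                return True
    return False                      # nothing matched: deny
```

Under these assumptions, a non-administrator is allowed a sensitive WRITE on their own LoginAccount entry, but is denied SEARCH on another user's entry and DELETE on their own, which matches the restrictions described for the Account Owner role.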
	
The virtual member manager runtime API that WebSphere Application Server needs for authentication does not have any access control applied. The effect is twofold:
  • Prevents circular dependencies between WebSphere Application Server security and virtual member manager during authentication to WebSphere Application Server
  • Provides quick authentications



http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.wim.doc/security.html