Using the built-in authorization provider

You can extend the capabilities of WebSphere® Application Server by plugging in your own authorization provider. [AIX Solaris HP-UX Linux Windows] [IBM i] You can use the built-in authorization or an external JACC authorization provider. [z/OS] You can use the built-in authorization, a System Authorization Facility (SAF) authorization, or an external JACC authorization provider.

About this task

For an explanation of the administrative console panels that support these capabilities, see:

Procedure

Use the built-in authorization provider.
It is recommended that you do not modify any settings on the authorization provider panels if you use the Built-in authorization option. For more information, see External authorization provider settings.
Use an external authorization provider.
If you use the External authorization using a JACC provider option, the external providers must be based on the Java Authorization Contract for Containers (JACC) specification to handle the Java Platform, Enterprise Edition (Java EE) authorization. By default, WebSphere Application Server enables you to configure the Tivoli® Access Manager Java Authorization Contract for Containers (JACC) provider as the default external JACC provider. For more information, see External Java Authorization Contract for Containers provider settings and Tivoli Access Manager JACC provider settings.
Use a System Authorization Facility (SAF).
Use the System Authorization Facility (SAF) authorization option to specify that SAF EJBROLE profiles be used for user-to-role authorization for both Java Platform, Enterprise Edition (Java EE) applications and the role-based authorization requests (naming and administration) that are associated with application server runtime. This option is available only when your environment contains z/OS® nodes. For more information, see External authorization provider settings and z/OS System Authorization Facility authorization.