I am trying to configure fine-grained access control for WSDL Documents loaded in WSRR 7.0.
To test this, in the Configuration perspective, I created a new role and the only permissions I gave it was for retrieving a WSDL with a certain name (e.g. XPATH Target= /WSRR/WSDLDocument).
I also removed all authenticated users in the other default roles present in WSRR's Governance Enablement Profile. However, when I login to WebUI using the said user I can only see the Configuration Perspective and I can even modify roles and permissions which does not make sense at all. The infocenter's information are not very detailed as well.
Does anybody have an idea how to implement fine-grained access control in WSRR? Any links for some samples on how to do it?
This topic has been locked.
1 reply Latest Post - 2011-07-06T18:24:47Z by idh
Pinned topic Fine-grain Access Controlling WSDLs in WSRR 7.0
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2011-07-06T18:24:47Z at 2011-07-06T18:24:47Z by idh
idh 1200008V3B2 PostsACCEPTED ANSWER
Re: Fine-grain Access Controlling WSDLs in WSRR 7.02011-07-06T18:24:47Z in response to WS7NewbieHi,
If you haven't done so already I would suggest looking at the security chapter (7) in the following redbook - http://www.redbooks.ibm.com/abstracts/sg247793.html
I suspect from your description that you need to remove the AllAuthenticated role from the J2EE Administrator role for the Service Registry application in WebSphere Application Server. This is covered in the redbook.
FYI - If you would like this new role to have access to one of the out of the box UI perspectives you will also need to add this role to the relevant XML file for the given perspective (e.g. GEPBusinessPerspective.xml).