This topic applies only to the IBM Business Automation Workflow Advanced configuration.

Security permission qualifier

Edit online

The security permission qualifier specifies a role, which is a semantic group of permissions that a given type of users must have to use an operation in an interface.

Location: You can apply the qualifier at three levels of a component or import:
  • For all of its interfaces
  • For an individual interface
  • For an individual operation of an interface
When this qualifier is used, the identity of the caller must have the designated role to be permitted to call the interface or operation. If no security permission is specified, no permissions are checked and all callers are permitted to call the interface or operation.
This setting creates a Java EE security role for the SCA application matching the name provided in the qualifier. To complete the configuration, you must assign users or groups to this role to limit the access to the operations in either of the following ways:
  • By using the SCA deployment descriptor. For more information, see Binding roles defined in assembly diagrams.
  • During deployment. For more information, see Assigning users to roles.
  • After deployment by following these steps:
    1. Open the application in the administrative console.
    2. Open the Security role to user/group mapping options for the application.
    3. Select the role you want to modify and click Map Users, Map Groups, or Map Special Subjects to add users and groups to the role.
    4. Select the appropriate users and groups and click OK.
    5. Click OK to complete the changes. Then save to commit the changes.