Relationships

The relationships between groups, resources, permissions, and applications are stored in the GRP_RES_PERM_REL database table. This table defines which resource permissions are granted to which user groups for which applications.
Table 1. Columns of the GRP_RES_PERM_REL database table
Column name Description
GROUP_NAME The name of the group
RESPERM_ID The ID of the resource permission that is granted to the group. This ID refers to the ID column in the RES_PERM table.
APP_ID The ID of the application for which the resource permission is granted to the group. This ID refers to the ID column in the APPLICATION table.
The following figure illustrates these relationships where:
PK
Denotes a primary key.
FK
Denotes a foreign key.
Figure 1. Relation between resource permissions, user groups, and applications
linksGroupName.jpg
To check the permissions of a user, the Operations and Administration Console (OAC) proceeds as shown in the following list:
  1. Retrieves the group memberships for the user as defined in IBM® WebSphere® Liberty.
  2. For each application, it selects all the resource permissions that are granted to these groups. To do this selection, it evaluates the GRP_RES_PERM_REL, RES_PERM, and APPLICATION database tables.