Enabling application groups
Application groups is a concept that allows you to define user groups within the database user registry with members (users or groups) contained in the federated LDAP user registry you configured. The benefit of application groups is that you can create Groups that are only used in IBM® WebSphere® Portal.
Before you begin
Before you complete this task, you might want to view and print the appropriate worksheet. See WebSphere Portal Enable for zOS worksheets.
About this task
You can use application groups in
the following scenarios:
- Read-only LDAP
- If you have a read-only LDAP, you cannot change the group membership of users and groups. If you need to define access rights for certain users that are in different groups, you can create an Application group for these users with the required access rights.
- Special group setup for WebSphere Portal
- In this scenario you need to setup a special group hierarchy that is only used by WebSphere Portal and not by other applications that access your LDAP server. This can help you apply special access control rules just for WebSphere Portal because the roles assigned to the Application Group also apply to all of its members.
Note: Application groups only apply to WebSphere Portal; it does not apply
to external security managers. Also, application groups are not supported
when using the a
built-in file repository.
Perform the following steps to enable application groups: