Administering authorization permissions
Service integration messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions that the role contains. By administering authorization permissions, you can control user access to a bus and its resources when messaging security is enabled.
Before you begin
About this task
You can make changes to
authorization permissions when messaging security is enabled or disabled.
Any changes that you make when security is disabled do not have any
effect until security is enabled, as described in Disabling bus security.
LDAP Registry Tip: When you specify the group
authorization permissions, the group distinguished name (DN) must
be used. If you specify a common name (CN) for the group name, users
in that group do not have the specified authorities. For more details
see Standalone Lightweight Directory Access
Protocol registries.
When security is enabled, by default users cannot connect to a foreign bus. If a specific user needs to connect to a foreign bus, you must explicitly add that user to the foreign bus access list.