Managing web user accounts
You can control a web user's access to integration node resources by associating the web user ID with a role, which has security permissions assigned to it.
Before you begin
About this task
IBM Integration Bus administrators can use the mqsiwebuseradmin command to create a new web user, to set or change a web user's password, to remove a web user, or to assign a web user to a role.
If administration security is enabled, web users can access the web user interface only when they have logged on using their web user account. As an administrator, you can create multiple roles, with different permissions assigned to them. You can then assign one or more web users to a role, and their access to data and integration node resources is controlled by the permissions that have been set for their role. For more information, see Role-based security.
If administration security is not enabled, web users can interact with the web user interface without logging on; they interact with the web user interface as the 'default' user and can access all data and integration node resources.
If the integration node is configured to use file-based authorization (file mode) or LDAP authorization (ldap mode), you assign permissions to the role by using the mqsichangefileauth command. When LDAP authorization is enabled, a user can be mapped to a single role or multiple roles. Permissions are set for the integration node, the integration server, and the data capture object. For information about setting permissions for file-based authorization, see Setting file-based or LDAP-based permissions. For information about LDAP authorization, see Configuring authorization by using LDAP groups.
- SYSTEM.BROKER.AUTH
- SYSTEM.BROKER.AUTH.integrationServerName
- SYSTEM.BROKER.DC.AUTH
For more information about how to set the permissions that are required for using the web user interface, see Controlling access to data and resources in the web user interface.
When you have defined your roles and set the required permissions, you can assign web users to the appropriate role, and they acquire permissions through their assigned role.
Procedure
Complete these steps to grant access to web users based on their assigned role: