Access control
When authenticating a user for IBM® Business Process Manager, it is important for security purposes that access to all operations is not automatically be granted to that user. Allowing some users to perform certain operations, while denying access to those same operations for other users, is termed access control.
Access control can be arranged for components that you develop to make them secure. You provide access control for components by using service component architecture qualifiers at development time.
Some IBM Business Process Manager components, packaged as enterprise archive (EAR) files, secure their operation using Java EE role-based security. In contrast to code-based security, which secures the operation of components, role-based access control secures resources. For example, in the Business Calendars widget, you can specify the type of access that users have to individual timetables.
Security Roles widget
Use the Security Roles widget in Business Space to specify, for each timetable, the owner of the timetable as well as those who have writer and reader access to the timetable.
| Roles | Default permission |
|---|---|
| BPMAdmin | Primary administrative user |
| BPMRoleManager | All authenticated users |
EAR files and associated roles
The Business Process Choreographer and the Common Event Infrastructure are installed as part of IBM Business Process Manager.
| Name of .ear file | Role | Default |
|---|---|---|
| BPEContainer_nodeName_serverName.ear OR BPEContainer_clusterName |
APIUser | All Authenticated |
| SystemAdministrator | None | |
| SystemMonitor | None | |
| JMSAPIUser | All Authenticated | |
| AdminJobUser | All Authenticated | |
| JAXWSAPIUser | Everyone | |
| BPCExplorer_nodeName_serverName.ear OR BPCExplorer_clusterName |
WebClientUser | All Authenticated |
| BPCArchiveExplorer_nodeName_serverName.ear OR BPCArchiveExplorer_clusterName |
WebClientUser | All Authenticated |
| BSpaceEAR_nodeName_server.ear | businessspaceusers | All Authenticated |
| BSpaceForms_nodeName_server.ear | WebFormUsers | All Authenticated |
| BusinessRulesManager.ear | BusinessRuleUsers | All Authenticated |
| NoOne | None | |
| AnyOne | Everyone | |
| BusinessRules_nodeName_server.ear | Administrator | All Authenticated |
| EventService.ear | eventAdministrator | All Authenticated |
| eventConsumer | All Authenticated | |
| eventUpdater | All Authenticated | |
| eventCreator | All Authenticated | |
| catalogAdministrator | All Authenticated | |
| catalogReader | All Authenticated | |
| mm.was_nodeName_server.ear | All Authenticated | All Authenticated |
| everyone | Everyone | |
| REST Services Gateway.ear | RestServicesUser | All Authenticated |
| REST Services Gateway Dmgr .ear | RestServicesUser | All Authenticated |
| TaskContainer_nodeNameserverName.ear OR TaskContainer_clusterName |
APIUser | All Authenticated |
| SystemAdministrator | None | |
| SystemMonitor | None | |
| EscalationUser | All Authenticated | |
| AdminJobUser | All Authenticated | |
| JAXWSAPIUser | Everyone | |
| wpsFEMgr_7.0.0 Security | WBIOperator | Everyone |