Controlling access to data and resources in the web user interface
Integration administrators can control web users' access to data and integration node resources by assigning permissions to users based on their role.
Before you begin
- Read the following topics:
- Ensure that the web user interface has been configured. For more information, see Configuring the IBM App Connect Enterprise web user interface.
About this task
Integration administrators can restrict web users' access to data and integration node resources only if administration security is enabled. If administration security is not enabled, web users can interact with the web user interface without logging on, which means that they can access the web user interface as the 'default' user and have access to all data and integration node resources.
To perform any administrative task from the web user interface when administration security is enabled, you must have permission to view properties on the integration node. For a full list administrative tasks and the permissions required, see Tasks and authorizations for administration security.
With administration security enabled, REST users can view only the URIs for which they are authorized. If administration security is disabled, all REST requests are unrestricted.
As an integration administrator, you can set permissions to restrict users' access based on the tasks that they are required to perform. Some example tasks and their associated permissions are shown in the following table:
Example access and actions | IBM MQ queue-based permissions (set on the setmqaut command) | File-based permissions (set on the mqsichangefileauth command) |
---|---|---|
Allow data technicians to view record and replay data stores under Data tab of the integration node or integration server in the web user interface. |
|
|
Allow web users to view and download recorded messages in an integration server's record and replay store. |
|
|
Allow web users to view, download and replay recorded messages in an integration server's record and replay data store. |
|
|
Allow REST users to request information about messages recorded under an integration server's record and replay data store. |
|
read+ permission on the Integration Server Data object |
Allow REST users to view and replay messages. |
|
|
Integration administrators can also allow web users to start and stop integration servers, applications, and message flows from the web user interface, by granting permissions to the roles with which the web users are associated.
For more information about role-based access, see Role-based security and Managing web user accounts.