ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/sec/secdpmap.htm

49 lines
4.1 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Assign users and groups to roles</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3><a name="secdpmap"></a>Assign users and groups to roles</h3>
<p>This topic assumes that all the roles are already created in your application. Also, you need to make sure that the user registry used is the current or active user registry. It is preferable to have the security turned on with the user registry of your choice before you begin this process. Make sure that if you have changed anything in the security configuration (for example, enabled security or changed user registry) save the configuration and restart the server before the changes become effective.</p>
<p>Because the default active registry is LocalOS it is not necessary (though it is recommended) to enable security if you want to use the LocalOS registry as your registry to assign users and groups to roles. You can enable security after the users and groups are assigned in this case. The advantage of enabling security with the appropriate registry before proceeding with this task is that you can make sure you have a valid security setup (which includes checking the user registry configuration), and you can avoid problems with using the registry.</p>
<p>These steps are common for both installing an application and modifying an existing application. If the application contains roles, you see the <strong>Map security roles to users/groups</strong> link during installation application (as one of the steps) and also during application management.</p>
<p>To assign users and groups to security roles, perform these steps in the administrative console:</p>
<ol>
<li><p>During the application installation process, click <strong>Map security roles to users/groups</strong>. All roles that belong to the application are listed. If the roles are already assigned to users or special subjects (such as All Authenticated and Everyone), they are listed here.</p></li>
<li><p>To assign the special subjects, select <strong>Everyone</strong> or <strong>All Authenticated</strong> for the appropriate roles.</p></li>
<li><p>To assign users or groups, select the role (multiple roles can be selected at the same time if the same users or groups are assigned to all the roles), and click <strong>Lookup Users</strong> or <strong>Lookup groups</strong>.</p></li>
<li><p>Get the appropriate users and groups from the registry by filling in the <strong>limit (number of items)</strong> and the <strong>Search String</strong> fields and then clicking <strong>Search</strong>.</p>
<p>The limit field limits the number of users that are obtained and displayed from the registry. The pattern is a searchable pattern that matches one or more users or groups. For example, <tt>user*</tt> lists users such as user1 and user2. A pattern of <tt>*</tt> indicates all users or groups. Use the limit and the search strings cautiously so as not to overwhelm the registry. When you use large registries (such as LDAP) where thousands of user and group information resides, a search for a large number of users or groups can make the system very slow, and the system may even fail.</p>
<p>A message appears at the top of the panel when a search results in more entries than you requested. You can refine your search (limit or the search pattern) until you have the required list.</p></li>
<li><p>From the <strong>Available</strong> box, select the users and groups that should be assigned to the role, and click <strong>&gt;&gt;</strong> to add them to the role.</p></li>
<li><p>To remove existing users or groups, select them from the <strong>Selected</strong> box, and click <strong>&lt;&lt;</strong> to remove them.</p></li>
<li><p>Click <strong>OK</strong>.</p></li>
</ol>
<p>The users and groups information is added to the binding file in the application. The binding file is later used for authorization purposes.</p>
</body>
</html>