Assigning and Removing Access
Permissions
Use
Use this procedure to assign different access permissions to the naming contexts to users and groups working with the J2EE Engine naming system. Each permission enables the execution of a specific naming operation, or a set of operations. The following access permissions are specified:
· jndi_all_operations – the users and groups that are granted this permission can perform all operations available in the naming system. If a user or a group does not have this permission assigned, it can only perform lookup operations.
· jndi_get_initial_context – if no such permission is assigned, the users and groups cannot use the naming system at all, that is, they cannot even receive InitialContext.
To assign or remove
access permissions, you must use the Runtime → Policy
Configurations → Security
Roles → User
Mappings tab of the Security
Provider service. For more information, see
Mapping Users and
Groups.
The list of users that have been assigned a selected permission for a particular naming context is displayed in the User Tree pane. The list of permissions is available in the Security Roles pane. You can select users or groups of users from the User Tree and grant them the specified permission by adding them either to the Users or to the Groups list.
Procedure
.
1. In the Visual Administrator, choose Cluster → Server → Security Provider service.
2. Choose Runtime → Policy Configurations tab.
3. Select service.naming from the list available in the Components pane.
4. Choose Security Roles → User Mappings tab.
5. From the Security Roles pane, choose the required permission. The Users and the Groups panes display all users and groups that are granted this permission.
If you want to |
Then |
Assign access permission |
... 1. Select a user or a group from the Users or the Groups pane. 2. Choose Add. |
Remove access permissions |
... 1. Select a user or a group from the Users or the Groups pane. 2. Choose Remove. |