Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


User Application Access on Websphere V7.0

Published on
9,602 Points
1 Endorsement
Last Modified:
This exercise is about for the following scenario:
Dmgr and One node with 2 application server.
Each application server contains it owns application.

Application server name as follows

server1 contains app1
server2 contains app1

1) You need to setup websphere global security with LDAP registry or Federated repository
2) You need to create two users on LDAP ( for example user1 and user2)

Requirement: WAS 7.0 and LDAP or you can also use federated repository ( file based  repository comes as a default security with WAS7.0)

The objective of this article is access for one user for a particular application server with in cell but limiting their access to other application server and applications. This article helps where you have application owner want to maintain their own app.

This can achieve this by configuring through the use of Administrative Authorization Groups. These groups map specific scopes or objects to console users and roles, thus allowing those users that role access to those specific objects.

Steps for configuring Fine Grained Adminstrative Security via  Administrative Authorization Groups

  1. In the administrative console, under Users and Groups, click Administrative user roles.
      Click ADD
  2. Under Roles, scroll down and select Monitor
  3. Click on the Search button it display all users from our LDAP
  4. Select user1 and user2.  Click the right arrow to move them to the Mapped to role list.
  5. In the administrative console, click Administrative authorization groups under Security
  6. Click New to create a new Administrative authorization group
  7. Enter User1ROLE Under Resources select all scope and Expand all of the entries and the
     sub-entries Under Business-level Applications and applications select the APP1
  8. (Under Nodes) Expand your node -- select server1
  9. Save the change and sync the node with dmgr.
10. In the administrative console, click Administrative authorization groups > Administrative user roles
11. Click Add to map the console user to the administrative authorization group.
      Select the Administrator Role, then click Search button it display all user from our LDAP  
12. Select user1 click the right arrow to move them to the Mapped to role list
13. Save the change and sync the node with dmgr.
14. Repeat step6 to step 11 for user2ROLE ( make sure select APP2 and Server2)
15. Select user2 click the right arrow to move them to the Mapped to role list
16. Login as user1 and user2. Once logged in, browse through various parts of the console.
      Notice that the user1 and user2 users has monitor rights to most areas.

For example Expand Applications > Application Types > Enterpise applications to verify that user user1 only has administrative authority on the APP1
1 Comment

Author Comment

Thank you very much

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Join & Write a Comment

This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month10 days, 9 hours left to enroll

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month