Controlling access to data and resources in the web user interface
Integration administrators can control web users' access to data and integration node resources by assigning permissions to users based on their role.
Before you begin
- Read the following topics:
- Ensure that the web user interface has been configured. For more information, see Configuring the IBM Integration Bus web user interface.
About this task
Integration administrators can restrict web users' access to data and integration node resources only if administration security is enabled. If administration security is not enabled, web users can interact with the web user interface without logging on, which means that they can access the web user interface as the 'default' user and have access to all data and integration node resources.
To perform any administrative task from the web user interface when administration security is enabled, you must have permission to view properties on the integration node. For a full list administrative tasks and the permissions required, see Tasks and authorizations for administration security.
With administration security enabled, REST users can view only the URIs for which they are authorized. If administration security is disabled, all REST requests are unrestricted.
As an integration administrator, you can set permissions to restrict users' access based on the tasks that they are required to perform. Some example tasks and their associated permissions are shown in the following table:
Example access and actions | WebSphere® MQ queue-based permissions (set on the setmqaut command) | File-based permissions (set on the mqsichangefileauth command) |
---|---|---|
Allow data technicians to view only their own profiles and the Data viewer in the web user interface |
|
read+ permission on the DataCapture object |
Allow web users to view and download recorded messages |
|
read+ permission on the DataCapture object |
Allow web users to view, download, and replay recorded messages |
|
read+,execute+ permission on the DataCapture object |
Allow REST users to request information about messages recorded under a DataCaptureStore |
|
read+ permission on the DataCapture object |
Allow REST users to view and replay messages |
|
read+,execute+ permission on the DataCapture object |
Integration administrators can also allow web users to start and stop integration servers, applications, and message flows from the web user interface, by granting permissions to the roles with which the web users are associated.
For more information about role-based access, see Role-based security and Managing web user accounts.