This assumes you have setup a users account repository in WebSphere, and you are now ready to add users to groups. As you learned when setting up a users account repository, WebSphere can be configured to get users from WebSphere (aka Federated Repository), from the local operating system, or from LDAP. It is important to recognize that only users from the WebSphere file based repository (fileRegistry.xml) can be added to a group. In other words, users from the local operating system or LDAP cannot be added to a group. For this reason, groups are often not used in WebSphere, which is a shame.

Technically, you can create any group name you would like. However, typically, the following groups are created: admins, operators, configurators, security, monitor.

In the left panel of the WebSphere web console, expand Users and Groups and select Manage Groups. If the below message is displayed, this suggests that WebSphere is configured to use the local Operating System or LDAP for authentication. When using the operating system or LDAP for authentication, the management of users and groups will be done using the operating system or LDAP.

If there is an option to Create, WebSphere is configured to use a federated repository for authentication. In this scenario, users and groups can be managed using the WebSphere web console. In this example, a group named Administrators is created.

At Manage groups, the groups that have been created will be displayed.

Add users to a group

1. Select Users and Groups > Manage Groups.
2. Select a group.
3. Select the Members tab.
4. Select Add Users.
5. Add users to the group. Note that you can only add users that reside in the fileRegistry.xml file on the WebSphere server to the group.
6. Select Close.

In this example, Jeremy Canfield is added to the Administrators group.