FreeKB - Assign users or groups to roles in WebSphere
Assign users or groups to roles in WebSphere

Home > Search

When attempting to do something in WebSphere, such as signing into the WebSphere administrative console (ISC) or restarting an application or creating a new resource, you will need permission to perform the action. WebSphere has different roles, where each role has certain permissions. This article describes the differences between roles in more detail.

  • Administrator = full control
  • Operator = change runtime (e.g. start/stop application or server)
  • Configurator = change configurations (e.g. change master repository)
  • Monitor = minimal control (read only)
  • Admin Security Manager = change administrative security / security domains


The image below illustrates a typical user registry configuration in WebSphere, where users are placed in a group, and the group is assigned a role. In this way, the users registry provides both authentication (users) and authorization (roles) capabilities.


WebSphere can be configured to obtain groups from the following sources.


Administrative User Role

At Users and Groups > Administrative user roles, by default, only your primary administrative user will be listed.


Administrative user roles can be created or updated by selecting Add. In this example, the user "root" is made to be a member of the Admin Security Manager role.


Create Group Roles

After creating a new group, you'll need to assign a role to the group. In the left panel of the web console, expand Users and Groups and select Administrative group roles. Then, assign a role to a group. For example, you would assign the Configurator role to the Configurators group.


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.