When attempting to do something in WebSphere, such as signing into the WebSphere administrative console (ISC) or restarting an application or creating a new resource, you will need permission to perform the action. WebSphere has different roles, where each role has certain permissions. This article describes the differences between roles in more detail.
- Administrator = full control
- Operator = change runtime (e.g. start/stop application or server)
- Configurator = change configurations (e.g. change master repository)
- Monitor = minimal control (read only)
- Admin Security Manager = change administrative security / security domains
The image below illustrates a typical user registry configuration in WebSphere, where users are placed in a group, and the group is assigned a role. In this way, the users registry provides both authentication (users) and authorization (roles) capabilities.
WebSphere can be configured to obtain groups from the following sources.
Administrative User Role
At Users and Groups > Administrative user roles, by default, only your primary administrative user will be listed.
Administrative user roles can be created or updated by selecting Add. In this example, the user "root" is made to be a member of the Admin Security Manager role.
Create Group Roles
After creating a new group, you'll need to assign a role to the group. In the left panel of the web console, expand Users and Groups and select Administrative group roles. Then, assign a role to a group. For example, you would assign the Configurator role to the Configurators group.