Fine grained security in WAS

The WebSphere Application Server has concept of fine grained security, which means you can assign a user rights to individual resource instead of the full cell. For example you want to allow a dev team to update only there enterprise application, but you dont want them to modify any other applications or any other configuration, you can do that with fine grained security configuration.

I wanted to try this feature so i did create a HelloFineGrainedSecurityEAR application and i want to configure the security so that only users in devteam group will be able to deploy only HelloFineGrainedSecurityEAR application, i followed these steps

  • First i followed the instructions in the Assiginging administrative roles to user entry to assign monitor role to devteam group

  • I went to Security -> Administrative Authorization Group screen in the WAS Admin Console


  • I clicked on New to create a new Administrative Authorization Group like this

    I did create HelloFineGrainedSecurityAdminGroup and i did select HelloFineGrainedSecurityEAR application because thats the only application that i want this group to modify

  • Then i clicked on Administrative Group roles link to assign a group deployer role to the HelloFineGrainedSecurityAdminGroup




  • Now when i log out and login using one of the group in the devteam, and i went to Manage application section and i can see that i do have access to update HelloFineGrainedSecurityEAR but not any other application