Role Based Management (RBM) - IBM Websphere

RBM controls the relationships between authenticated users and resources. Users are authenticated either by a remote authentication system or by the DataPower appliance. The RBM policy determines whether to allow an authenticated user to access specific resources.

When authentication uses a remote authentication system, such as a Lightweight Directory Access Protocol (LDAP) server, RBM extracts the identity of the authenticated user, maps the identity to a credential, and determines whether to authorize access to the resource based on the credential. If a problem occurs during remote authentication, RBM can use one or more locally defined fallback users.

The following figure shows the basic components of RBM and how they relate to each other.

Basic components of RBM and their relationships

When authentication is local, authentication is by user name and password. The group in which the user is a member determines whether to authorize access to the resource. Users who are not members of a group are not under RBM control.

The RBM policy uses access profiles to determine authorization to resources. An access profile is made up of one or more access policies. Each access policy defines which privileges to provide to a single resource. An access policy can use wildcard characters in regular expressions to define the same set of privileges to multiple resources. Because RBM distances access policies from individual users, you can modify an access profile that affects a collection of users instead of modifying each user individually. For example, you can modify the access profile in a user group to change resource authorization for all members of that group. Alternatively, you can change the access profile associated with a credential to modify all users who map to that credential.
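The indirection described above (user to group or credential, then to an access profile made of access policies) can be sketched as a small model. This is an added example, not DataPower code or its policy syntax. The class names, resource names, privilege letters, the union of matching policies and the deny-when-unmapped behaviour are all assumptions of the sketch.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AccessPolicy:
    resource_pattern: str   # regular expression over a resource name
    privileges: frozenset   # constructed privilege letters, e.g. {"r", "w"}

@dataclass
class AccessProfile:
    policies: list = field(default_factory=list)

    def privileges_for(self, resource):
        granted = set()
        for policy in self.policies:
            # fullmatch: the pattern must cover the whole resource name
            if re.fullmatch(policy.resource_pattern, resource):
                granted |= policy.privileges  # assumption: matches are unioned
        return granted  # empty set means nothing is granted

class RBMPolicy:
    def __init__(self):
        self.group_profiles = {}        # local group -> AccessProfile
        self.credential_profiles = {}   # credential -> AccessProfile
        self.user_group = {}            # local user -> group
        self.identity_credential = {}   # remote identity -> credential

    def is_authorized(self, user, resource, privilege, remote=False):
        if remote:  # remote path: identity -> credential -> profile
            key = self.identity_credential.get(user)
            profile = self.credential_profiles.get(key)
        else:       # local path: user -> group -> profile
            profile = self.group_profiles.get(self.user_group.get(user))
        if profile is None:
            return False  # unmapped user: this sketch denies by default
        return privilege in profile.privileges_for(resource)

def build_sample():
    """Constructed sample: two local operators and one LDAP-mapped admin."""
    rbm = RBMPolicy()
    rbm.group_profiles["operators"] = AccessProfile(
        [AccessPolicy(r"services/.*", frozenset("r"))])
    rbm.user_group.update({"alice": "operators", "bob": "operators"})
    rbm.credential_profiles["ldap-admins"] = AccessProfile(
        [AccessPolicy(r".*", frozenset("rw"))])
    rbm.identity_credential["cn=carol,ou=it,o=example"] = "ldap-admins"
    return rbm
```

Appending one policy to the `operators` profile changes authorization for both `alice` and `bob` without touching either user record, which is the property the paragraph describes.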

