Mapping Roles

Configure role mapping to authorize client requests to access MBOs and operations. For each security configuration, platform and domain administrators can manage logical role mappings at the package level or at a domain level. Use the corresponding domain or package node in the left navigation pane to configure role mappings accordingly.

Set an appropriate mapping state for each logical role. The state you choose allows you to disable logical roles, allow logical roles to be automatically mapped, or manually define which logical roles are mapped to one or more physical roles. The states of AUTO or NONE require the least administration.

If a developer has defined a logical role, mapping is not required; the logical role is matched to the physical role of the same name and is therefore automatically mapped.

Note: Changes to domain-level role mapping are applied to all domains that share the same security configuration. Likewise, changes to package-level role mapping apply to all instances of the affected package that use the same security configuration, even if the package is deployed in multiple domains.
  1. Setting the Mapping State
    Map roles for a package by setting the mapping state. Mapping behavior is determined by the state that exists for the logical role. You can select AUTO or NONE; a third state, MAPPED, is set automatically after you manually map a physical role to the selected logical role.
  2. Mapping a Physical Role Manually
    Use the Role Mappings dialog to manually map required physical roles for a logical role when physical and logical role names do not match. If names do not match, the AUTO mapping state does not work.
Parent topic: Configuring Domain Security
Previous topic: Assigning Domain Administrators to a Domain