Mapping Roles at the Global or Package Level

Unwired Platform uses a role mapper to map logical and physical roles during an access control check.

Role mappings can occur at two levels. Global role mappings are applied to all domains that are assigned the security configuration that contains the mappings. If you need role mappings to be package-specific, you can perform the mapping at the package level. Package-level mappings override the mappings set at the global level. Package-level role mappings apply to all packages that use the same security configuration, even if the package is deployed in multiple domains.

Administrators use logical roles to control access or group a large number of users who use the same security configuration. Administrators create and map the required logical roles and assign both a security configuration and a logical role to an application (through the application connection template). Users must have one of the physical roles that the logical role is mapped to in order to access the application.

Mapping State Reference
The mapping state determines the authorization behavior for a logical name instance.
Dynamically Mapping Physical Roles to Logical Roles
Map roles at either a domain or package level, depending on the scope requirements of a particular binding. If you use a particular role mapping for a package and a different role mapping at the domain level, the package mapping overrides the domain-level mapping.

Parent topic: Authentication in Unwired Platform