UserRoleAuthorizer Provider

The UserRoleAuthorizer provider grants logical roles to specific users when the user's roles cannot be retrieved by the configured authentication provider from the back end. You cannot manually configure this provider.

This provider is part of all security configurations that are created or updated in Management Cockpit. UserRoleAuthorizer simply implements the checkRole method, which compares the physical role name passed in with the current user name.

This authorizer allows the role check for the role "user:"+userName to succeed. For example, with this authorization module enabled, an administrator can map Notification User to "user:jsmith". The user who authenticates as jsmith is then placed in the physical role user:jsmith, is granted the logical role Notification User, and can perform Notification Push.

Note: When the user is authenticated using the X.509 User Certificate provider, this authorizer allows the role check for the role "user:"+<subjectDN from the certificate used to authenticate the user> to succeed. This enables you to map the DN from a client certificate to a role.
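The role check described above, modeled in Python as an added example (not the product's own code), together with a helper that lists every per-user grant in a role mapping for least-privilege review. The names check_role, has_logical_role, per_user_grants and ROLE_MAP, the sample certificate DN, and the exact case-sensitive comparison are assumptions of this sketch.

```python
from dataclasses import dataclass

USER_PREFIX = "user:"


@dataclass(frozen=True)
class Principal:
    # Login name, or the certificate subjectDN for X.509 logins.
    name: str


def check_role(principal: Principal, physical_role: str) -> bool:
    """Succeed only when the physical role is "user:" + the principal's name.

    Assumption: exact, case-sensitive string comparison. An empty name never
    matches, so a bare "user:" mapping grants nothing.
    """
    return bool(principal.name) and physical_role == USER_PREFIX + principal.name


def has_logical_role(principal: Principal, logical_role: str, role_map: dict) -> bool:
    """Grant the logical role if any mapped physical role passes check_role.

    Only this authorizer is modeled; physical roles resolved by other
    providers (for example directory groups) are outside the sketch.
    """
    return any(check_role(principal, p) for p in role_map.get(logical_role, ()))


def per_user_grants(role_map: dict) -> list:
    """Audit helper: (logical role, principal name) pairs granted via user: mappings."""
    return sorted(
        (logical, physical[len(USER_PREFIX):])
        for logical, physicals in role_map.items()
        for physical in physicals
        if physical.startswith(USER_PREFIX)
    )


# Constructed sample mapping; the DN and the group name are illustrative.
ROLE_MAP = {
    "Notification User": ["user:jsmith", "user:CN=device01,O=Example,C=US"],
    "Administrator": ["ldap-admins"],
}

if __name__ == "__main__":
    for who in ("jsmith", "JSmith", "jdoe", "CN=device01,O=Example,C=US"):
        granted = has_logical_role(Principal(who), "Notification User", ROLE_MAP)
        print(f"{who!r}: Notification User = {granted}")
    print(per_user_grants(ROLE_MAP))
```

Under the exact-match assumption, a DN mapped with different spacing or attribute order than the authenticated certificate's subjectDN string would not match, so the mapped value should be copied from the certificate as the server presents it.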
Related tasks
Mapping a Logical Role to a Physical Role