Chapter 3. User Authorization

3.1. Enabling Role-Based Authorization

JBoss BRMS uses role-based authorization to assign user permissions. Role-based authorization is disabled by default and all users have full administrative permissions.

Procedure 3.1.  Enable Role-Based Authorization

  1. Before enabling role-based authorization, it is necessary to assign one trusted user the admin role.
    1. From the JBoss Enterprise BRMS web user interface navigation panel, select AdministrationUser Permissions.
    2. Click Create new user mapping and enter the name of the user to be granted Admin permissions. Note, this user must already exist in the brms-users.properties file.
    3. Click Open next to the username whose permissions are being changed.
    4. Click the plus icon to add permissions, and select admin, click OK, and click Save changes.
      After the system has saved the changes Yes will be displayed under Administrator.
  2. Shut down the application server before making these changes.
  3. Open the jboss-as/server/production/deploy/jboss-brms.war/WEB-INF/components.xml file in a text editor.
  4. In the default components.xml file, locate the following code and replace false with true:
    <component name="org.jboss.seam.security.roleBasedPermissionResolver">
       <property name="enableRoleBasedAuthorization">false</property>
    </component>
    

    Note

    In versions 5.1 and earlier, locate and edit the following XML replacing false with true:
    <security:role-based-permission-resolver enable-role-based-authorization="false"/<
    
  5. Restart the application server.
  6. Log back into the BRMS web user interface. From the navigation panel, select AdministrationUser Permissions and assign users roles as required.
  7. Click Open next to the username whose permissions are being changed. Select the required role for the user, click OK, and click Save changes.

    Note

    Users can be assigned more than one role.
    Users assigned the admin role can modify the roles and permissions of other users.