BEA Tuxedo Release 8.0

Managing Security

Administrators can configure applications with the appropriate level of security provided by the BEA Tuxedo system. Incremental levels of authentication and authorization define access to an application. Levels range from no authentication, for environments that are already highly secure, to a password, to an access control list (ACL) that filters who can use services, post an event, and enqueue or dequeue a message on a queue.

With an ACL, a user is authenticated when joining an application, and permissions are also checked automatically on each attempt to access an application entity, such as a service. When an ACL is created for a resource, users not included on the list are denied access to the resource. Resources unprotected by an ACL are accessible by any client who successfully joins the application. When the MANDATORY_ACL security option is specified, resources unprotected by an ACL are denied to any client who joins the application.
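
The difference between the two options is what happens when no ACL exists for a resource. The following is an added example, not BEA Tuxedo code or API: a small Python model of the decision described above, with a check that lists resources left without an ACL. The function names, resource names and users are hypothetical, constructed sample data.

```python
"""Model of the ACL vs. MANDATORY_ACL decision described above.
Illustrative only: not BEA Tuxedo code or API. All names are hypothetical."""

ACL = "ACL"
MANDATORY_ACL = "MANDATORY_ACL"


def is_allowed(security, acls, user, resource):
    """Decide access for a client that has already joined the application.

    acls maps (kind, name) -> set of permitted users; a resource with no
    entry in the mapping is "unprotected by an ACL".
    """
    if security not in (ACL, MANDATORY_ACL):
        raise ValueError(f"unsupported security option: {security!r}")
    allowed_users = acls.get(resource)
    if allowed_users is None:
        # No ACL exists: ACL fails open, MANDATORY_ACL fails closed.
        return security == ACL
    # An ACL exists: users not on the list are denied under both options.
    return user in allowed_users


def unprotected(acls, resources):
    """Resources with no ACL, i.e. reachable by any joined client under ACL."""
    return sorted(r for r in resources if r not in acls)


# Constructed sample data (not from a real application).
RESOURCES = [
    ("service", "WITHDRAW"),
    ("service", "INQUIRY"),
    ("event", "ACCOUNT_ALERT"),
    ("enqueue", "ORDERS"),
    ("dequeue", "ORDERS"),
]
ACLS = {
    ("service", "WITHDRAW"): {"teller1"},
    ("dequeue", "ORDERS"): {"batchsvc"},
}

if __name__ == "__main__":
    for sec in (ACL, MANDATORY_ACL):
        for res in RESOURCES:
            verdict = "allow" if is_allowed(sec, ACLS, "guest", res) else "deny"
            print(f"{sec:14} guest -> {res[0]}:{res[1]:14} {verdict}")
    print("no ACL defined:", unprotected(ACLS, RESOURCES))
```

In this model, every entry returned by `unprotected` is open to any joined client under ACL and closed to all clients under MANDATORY_ACL, so the list is worth reviewing before switching between the two options.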

An application can be configured so that all servers (except AUTHSVR, the BEA Tuxedo administration server) have restricted access to shared resources, such as shared memory and message queues. When a client joins an application, AUTHSVR provides an authentication service that verifies whether the user has the correct authentication level (in the MIB). This service is transparent to the programmer.
