WebSphere Security on the Distributed Platforms 335 You can also add a console group to give specific administrative role(s) to a group of users. To do this from the Administrative Console: 1. 2. 3. 4. 5. Log into the Administrative Console running on the Deployment Manager. Expand the System Administration in the left-hand navigation tree and click on Console Groups. The right-hand pane will show all the defined console groups. In the right-hand pane, click on the button Add. Type in the name of the group or select a special subject and the roles of the group. The two special subjects (groups) are EVERYONE and ALL-AUTHENTICATED. Click on OK button and save the change. Tip For WebSphere on z/OS, the console user can be controlled either by WebSphere or by the z/OS security product. See chapter 14, Security on WebSphere on z/OS, for details. Naming and Security When WebSphere global security is enabled, access to the WebSphere name space is protected. WebSphere naming security defines four roles for accessing the WebSphere namespace: 1. Cos Naming Read. This role allows a user to read the namespace.