Authentication Security Provider Service

The Authentication Security Provider Service lets you do the following:

Enable text entry fields in the WebLogic Administration Portal for selecting known users and groups in authentication providers that do not allow read access.
Specify which roles are allowed to manage users and groups in the WebLogic Administration Portal.
Prevent specific users or groups from being created or deleted.

The settings on this page apply to all authentication providers connected to WebLogic Server, unless a provider does not allow a given task to be performed from the WebLogic Administration Portal.

The following table describes the fields and default values for the Authentication Security Provider Service. Updates to any field on this page require either enterprise application redeployment or server restart.

Field	Default Value	Description
Enable Group Predicate Text Entry	No	Some authentication providers may not allow user/group read access by external tools such as the WebLogic Administration Portal. If providers do not allow read access to users and groups, you can activate a text box entry field in the User & Groups, Delegated Administration, and Visitor Entitlements tools for those providers. The text box lets you enter the names of known users and groups, letting you assign profiles for those users or groups, as well as define Delegated Administration and Visitor Entitlements rules using those users and groups. When a user from that non-readable authentication provider logs in, WebLogic Portal uses the profile for the user and can check whether or not the user belongs to any Delegated Administration or Visitor Entitlement groups. Set the value to Yes to enable text box entry.
Roles That Can Read Groups	Admin PortalSystemAdministrator Anonymous	For each user or group management task, you can designate which roles are allowed to perform the task. Roles can be domain-level roles or portal application-level roles (Delegated Administration). The Anonymous role is any unauthenticated user. The Self role is for any authenticated user to perform self service, such as adding oneself to a group or changing one's password. For multiple entries, press Enter after each.
Roles That Can Create Groups	Admin PortalSystemAdministrator
Roles That Can Update Groups	Admin PortalSystemAdministrator Self
Roles That Can Delete Groups	Admin PortalSystemAdministrator
Roles That Can Read Users	Anonymous
Roles That Can Create Users	Admin PortalSystemAdministrator Self Anonymous
Roles That Can Update Users	Admin PortalSystemAdministrator Self
Roles That Can Delete Users	Admin PortalSystemAdministrator
Reserved Users	None. The field is empty.	User or group names you enter in a Reserved field will not be created in any provider. User or group names you enter in a Protected Field will not be deleted from any provider. For multiple entries, press Enter after each. You do not have to add names that are reserved or protected by default by WebLogic Server.
Protected Users	None. The field is empty.
Reserved Groups	None. The field is empty.
Protected Groups	None. The field is empty.