Administration Console Online Help

    Previous Next  Open TOC in new window 
Content starts here

Access policies for WorkContext resources

Before you begin

This subtask is part of the main task for creating a security policy. Start with the main task: Create policies for resource instances

Before you create a security policy for a WorkContext resource you need to create the resource in the Administration Console. See Create WorkContext resources.

Security policies for Work Context resources apply to Work Context objects, which allow developers to pass properties without including them in a remote call.

To access policies for a WorkContext resource:

  1. In the left pane of the Administration Console, expand Services and select Work Contexts.
  2. In Work Context Resources table, in the Path column, click the name of a work context path.
  3. On the Settings page for the work context, select the Policies tab.
  4. On the Policies page, if you have configured more than one authorization provider for the realm, from the Authorization Providers list select the provider you want to use to secure this resource.
  5. Under Policy Conditions, click Add Conditions.
  6. On the Choose a Predicate page, in the Predicate List, select a condition.

    BEA recommends that you use the Role condition where possible. Basing conditions on security roles enables you to create one security policy that takes into account multiple users or groups, and is a more efficient method of management.

    For more information, see Security Policy Conditions

  7. The next steps depend on the condition that you chose:
    • If you selected Role, click Next, enter the name of a security role in the argument field, and click Add. If the security role that you name does not already exist, create one by that name after you finish creating policies.
    • If you selected Group or User, click Next , enter a name in the argument field, and click Add. If the user or group that you name does not already exist, create one by that name.
    • If you selected a boolean predicate (Server is in development mode , Allow access to everyone, or Deny access to everyone), there are no arguments to enter. Click Finish and go to step 10..
    • If you selected a context predicate, such as Context element's name equals a numeric constant, click Next and enter the context name and an appropriate value. It is your responsibility to ensure that the context name and/or value exists at runtime.
    • If you selected a time-constrained predicate, such as Access occurs between specified hours, click Next and provide values for the Edit Arguments fields.
  8. Click Finish.
  9. (Optional) Create additional conditions.
  10. (Optional) The WebLogic Security Service evaluates conditions in the order they appear in the list. To change the order, select the check box next to a condition and click the Move Up or Move Down button.
  11. (Optional) Use other buttons in the Policy Conditions section to specify relationships between the conditions:
    • Select And/Or between expressions to switch the and / or statements.
    • Click Combine or Uncombine to merge or unmerge selected expressions. See Combine Conditions.
    • Click Negate to make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
  12. Click Save.

After you finish

If your policies grant access to roles, specify users and groups for your roles. See Manage security roles.

  Back to Top