Before you begin
Almost all tasks that you complete in the Administration Console use Java Management Extensions (JMX) to invoke an operation in an underlying managed bean (MBean) or modify an MBean attribute. BEA provides a default set of JMX resources and policies to protect WebLogic Server MBeans (see Default Security Policies for MBeans). You can use the Administration Console to modify the default policies on these resources or create new policies.
Caution: MBean attributes and operations that represent particularly sensitive data or actions are protected by two sets of resources. Make sure that any modifications you make to the default MBean policies do not prevent a user from being authorized by both sets of resources. For example, to shut down a Managed Server from the Administration Console, you must satisfy the policy on the JMX resource and the policy on the server's Server resource. See JMX Resources.
To create policies for JMX resources or modify the default policies:
The Roles and Policies: Policies page organizes all of the domain's resources and corresponding policies in a tree control.
Note: The Policies table displays this link only if you have configured the realm to delegate MBean authorization. See Delegate MBean authorization to the realm.
Note: If you select Global Scope in Step 5 and All MBean Types in Step 6, then your policy will apply to all MBeans in the domain.
Then click the Create Policy button.
BEA recommends that you use the Role condition where possible. Basing conditions on security roles enables you to create one security policy that takes into account multiple users or groups, and is a more efficient method of management.
For more information, see Security Policy Conditions
After you finish
If your policies grant access to roles, specify users and groups for your roles. See Manage security roles.