Before you begin
Create users and groups. See Manage users and groups.
A security role is an identity granted to users or groups based on specific conditions. Multiple users or groups can be granted the same security role and a user or group can be in more than one security role. Security roles are used by policies to determine who can access a WebLogic resource (see Use roles and policies to secure resources).
WebLogic Server provides a set of roles that you can use with any policy (global roles). You can also create your own global roles or create roles that can be used by policies only for a specific resource (scoped roles). For example, you can place all of your system administrators in WebLogic Server's Admin role. You can then create a scoped role for a specific EJB that contains highly sensitive business logic. When you create a policy for the EJB, you can specify that only the scoped role can access the EJB.
If two roles conflict, the role of a narrower scope overrides the role of the broader scope. For example, a scoped role for an EJB resource overrides a global role or a scoped role for the enterprise application that contains the EJB.
You create security roles within a security realm, and the roles can be used only when the realm is active.
To use security roles in a WebLogic security realm:
After you finish
Create security policies that determine which roles can access resources. See Create policies for resource instances.