Add Users to Administrative Roles with Expressions
You can define a Delegated Administration role to
determine its user members dynamically by setting conditions under which users
are members of that role. You define those conditions with expressions such
as user profiles properties and dates/times. For example, you can define a role
with the following type of expression: "If a logged-in user has the 'administrator'
property set to 'true' and the time is between 9 a.m. and 5 p.m. MST, the user
is a role member."
To add users to a role with expressions:
- In the Delegated Administration resource tree,
create
a new role or select the role to which you want to add expressions.
- Select the Edit Role Expression tab.
- In the drop-down menu, designate whether All of
the conditions or Any of the conditions should be met to make a user a role
member.
- Select the check
box next to any conditions you want to set.
When you select a condition, it expands to let you configure it.
- To use "The
delegated administrator has specific characteristics" (user profile
properties), click Add Descriptor, select a property set, select a property
from that property set, set the value for the property, and click Add
New Value Phrase. Repeat for additional properties. (User profile properties
are created by developers in WebLogic Workshop.)
- To use "...HTTP request..." and "...HTTP
session..." properties, click Add Descriptor, select a property set,
select a property from that property set, set the value for the property
and click Add New Value Phrase. Repeat for additional properties. (HTTP
session and request properties are created by developers in WebLogic Workshop.)
- Click Save Changes to apply your edits.
- Confirm that the expressions have been successfully
added to the role by selecting the Role Properties tab.
- You can further define a role by adding
users and groups
to the role.
Note: If you decide to define roles with expressions whose evaluation changes
within the course of processing a request, you may need to adjust your portal
application cache settings to ensure that the correct role definition is retreived
instead of a cached role. See the Performance
Tuning Guide for more details
Related Help Topics: