Add Users to Administrative Roles with Expressions
You can define a Delegated Administration role to
determine its user members dynamically by setting conditions under which users
are members of that role. You define those conditions with expressions such
as user profiles properties and dates/times. For example, you can define a role
with the following type of expression: "If a logged-in user has the 'administrator'
property set to 'true' and the time is between 9 a.m. and 5 p.m. MST, the user
is a role member."
To add users to a role with expressions:
- In the Delegated Administration resource tree,
create
a new role or select the role to which you want to add expressions.
- Select the Edit Role Expression tab.
- In the drop-down menu, designate whether All of
the conditions or Any of the conditions should be met to make a user a role
member.
- Select the check box next to any conditions
you want to set.
When you select a condition, it expands to let you configure it.
- To use "The delegated administrator
has specific characteristics" (user profile properties), click Add
Descriptor, select a property set, select a property from that property
set, set the value for the property, and click Add New Value Phrase. Repeat
for additional properties. (User profile properties are created by developers
in WebLogic Workshop.)
- To use "...HTTP request..." and "...HTTP
session..." properties, click Add Descriptor, select
a property set, select a property from that property set, set the value
for the property and click Add New Value Phrase. Repeat for additional
properties. (HTTP session and request properties are created by developers
in WebLogic Workshop.)
- Click Save Changes to apply your edits.
- Confirm that the expressions have been successfully
added to the role by selecting the Role Properties tab.
- You can further define a role by adding
users and groups to the role.
Related Topics: