Delegated Administration Overview

Delegated administration provides a mechanism for propagating WebLogic Administration Portal privileges down a hierarchy of roles. A Delegated Administration role is a classification of users based on user name, group membership or by the user's characteristics (or expressions), such as user profile values or time.

In your organization, you might want individuals to have different rights of access to various administration tasks and resources. For example, a system administrator might have access to every feature in the WebLogic Administration Portal. The system administrator might then create a portal administrator role that could manage instances of portal resources in specific desktop views of your portal, and a library administrator role that can manage your portal resource library.

A role policy consists of a role name and role definition. Delegated Administration roles are mapped to administrative functions on portal resources using security policies. Given the appropriate rights, administrators can delegate both the right to administer a given resource capability and the right for the delegatee to delegate further. For more information on role policies and security policies, see the Overview of Portal Security.

Setting Up an Administrative Role

You can create Delegated Administration roles at any time; however, the following process shows all of the steps that ensure your administrators are set up correctly:

  1. Model your Delegated Administration hierarchy to fit the needs of your organization.
  2. Create a Role for each administrator type.
  3. Define the role three ways:
  1. Assign Delegated Administration rights to various resources:

Related Topics: