Users and Groups

A user is an entity that can be authenticated. A user can be a person or a software entity, such as a Java client. Each user is given a unique identity within a security realm. For more efficient security management, BEA recommends adding users to groups. A group is a collection of users who usually have something in common, such as working in the same department in a company.

The following sections provide more information about users:

• Creating Users

• Adding Users to Groups

• Modifying Users

• Deleting Users

The following sections provide more information about groups:

• Default Groups

• Creating Groups

• Nesting Groups

• Modifying Groups

• Deleting Groups

 

---

Creating Users

Notes: The instructions in this section apply to the WebLogic Authentication provider only. If you customize the default security configuration to use a custom Authentication provider, you must use the administration tools supplied by that security provider to create a user.

When upgrading to the WebLogic Authentication provider, there is no automatic way to load existing users into the WebLogic Authentication provider's database. For this release of WebLogic Server, adding existing users is a manual step. If you have a large number of existing users, consider using the Realm Adapter Authentication provider. For more information about the Realm Adapter Authentication provider, see "Configuring a Realm Adapter Authentication Provider" in Managing WebLogic Security.

To create a new user, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are creating a user (for example, myrealm).

3. Click Users.

   If available, a table of currently defined users appears in the right pane.

4. Click the Configure a New User... link to display the Create User page.

   Note: If multiple WebLogic Authentication providers are configured in the security realm, you will need to select which WebLogic Authentication provider's database should store information for the new user.

5. On General tab, enter the name of the user in the Name field.

   Notes: Do not use blank spaces, commas, hyphens, or any characters in this comma-seperated list: \t, < >, #, |, &, ~, ?, ( ), { }, *, /. User names are case sensitive.

6. If desired, enter a description of the user (such as their full name) in the Description field.

7. Enter a password for the user in the Password field.

   Notes: The minimum password length for a user defined in the WebLogic Authentication provider is 8 characters. Do not use the user name/password combination weblogic/weblogic in a production environment.

8. Re-enter the password for the user in the Confirm Password field.

9. Click Apply to save your changes.

 

---

Adding Users to Groups

BEA recommends adding users to groups because groups allow you to manage a number of users at the same time. This is generally more efficient than managing each user individually.

Note: The instructions in this section assume that you have already created groups as described in Creating Groups, or that you will use the default groups described in Default Groups.

To add a user to a group, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are adding a user to a group (for example, myrealm).

3. Click Users.

   If available, a table of currently defined users appears in the right pane.

4. Click the hyperlinked name of the user that you want to add to a group.

   Note: If you have a large number of users, use the Filter By field to retrieve and list only the users that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Click the Groups tab.

   All the available groups appear in the Possible Groups list box. All the groups to which the user belongs appear in the Current Groups list box.

6. In the Possible Groups list box, highlight the name of a group.

7. Click the highlighted arrow to move the group from the Possible Groups list box to the Current Groups list box.

8. If desired, repeat steps 6 and 7 to add the user to multiple groups.

9. Click Apply to save your changes.

 

---

Modifying Users

To modify an existing user, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are modifying a user (for example, myrealm).

3. Click Users.

   A table of currently defined users appears in the right pane.

4. Click the hyperlinked name of the user that you want to modify.

   Note: If you have a large number of users, use the Filter By field to retrieve and list only the users that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Use the General tab to modify the user's description or password, and the Groups tab to modify the user's membership in one or more groups. (See Creating Users and Adding Users to Groups for specific instructions.)

   Note: On both of these tabs, be sure to click Apply to save your changes.

 

---

Deleting Users

To delete an existing user, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm from which you are deleting a user (for example, myrealm).

3. Click Users.

   A table of currently defined users appears in the right pane.

4. Click the trash can icon that is located in the same row as the user you want to delete.

   Note: If you have a large number of users, use the Filter By field to retrieve and list only the users that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Click Yes to confirm the deletion.

6. Click Continue.

   The Select Users page no longer shows the deleted user in the table.

 

---

Default Groups

By default, WebLogic Server defines the groups shown in Table 3-1.

Table 3-1 Default Groups 

Group Name	Membership
users	If a user identifies himself or herself when they log in (for example, through a Web page), the user is a member of this group. Note: The users group includes all users except the <anonymous> user. For more information about the <anonymous> user, see "Guest User" in the WebLogic Server 7.0 Upgrade Guide.
everyone	Regardless of whether a user identifies himself or herself when they log in, the user is a member of this group. Note: The everyone group includes (that is, is nested within) the users group.
Administrators	By default, this group contains the user information entered as part of the installation process, and the system user if the WebLogic Server instance is running Compatibility security. Any user assigned to the Administrators group is granted the Admin security role by default.
Deployers	By default, this group is empty. Any user assigned to the Deployers group is granted the Deployer security role by default.
Operators	By default, this group is empty. Any user assigned to the Operators group is granted the Operator security role by default.
Monitors	By default, this group is empty. Any user assigned to the Monitors group is granted the Monitor security role by default.

 

Note: For more information about the default security roles, see Default Global Roles.

You can add to the default groups by creating your own, as described in Creating Groups.

 

---

Creating Groups

Notes: The instructions in this section apply to the WebLogic Authentication provider only. If you customize the default security configuration to use a custom Authentication provider, you must use the administration tools supplied by that security provider to create a group.

When upgrading to the WebLogic Authentication provider, there is no automatic way to load existing groups into the WebLogic Authentication provider's database. For this release of WebLogic Server, adding existing groups is a manual step. If you have a large number of existing groups, consider using the Realm Adapter Authentication provider. For more information about the Realm Adapter Authentication provider, see "Configuring a Realm Adapter Authentication Provider" in Managing WebLogic Security.

To create a new group, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are creating a group (for example, myrealm).

3. Click Groups.

   If available, a table of currently defined groups appears in the right pane.

4. Click the Configure a New Group... link to display the Create Group page.

   Note: If multiple WebLogic Authentication providers are configured in the security realm, you will need to select which WebLogic Authentication provider's database should store information for the new group.

5. On General tab, enter the name of the group in the Name field.

   Notes: Do not use blank spaces, commas, hyphens, or any characters in this comma-seperated list: \t, < >, #, |, &, ~, ?, ( ), { }, *, /. Group names are case sensitive. The BEA convention is that group names are plural.

6. If desired, enter a description of the group in the Description field.

7. Click Apply to save your changes.

 

---

Nesting Groups

If desired, you can nest groups within other groups.

Note: The instructions in this section assume that you have already created groups as described in Creating Groups or that you will use the default groups described in Default Groups.

To nest a group within another group, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are nesting a group (for example, myrealm).

3. Click Groups.

   A table of currently defined groups appears in the right pane.

4. Click the hyperlinked name of the group that you want to nest within another group.

   Note: If you have a large number of groups, use the Filter By field to retrieve and list only the groups that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Click the Membership tab.

   All the available groups appear in the Possible Groups list box. All the groups in which the group is nested appear in the Current Groups list box.

6. In the Possible Groups list box, highlight the name of a group.

7. Click the highlighted arrow to move the group from the Possible Groups list box to the Current Groups list box.

8. If desired, repeat steps 6 and 7 to nest the group within multiple groups.

9. Click Apply to save your changes.

 

---

Modifying Groups

To modify an existing group, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the security realm for which you are modifying a group (for example, myrealm).

3. Click Groups.

   A table of currently defined groups appears in the right pane.

4. Click the hyperlinked name of the group that you want to modify.

   Note: If you have a large number of groups, use the Filter By field to retrieve and list only the groups that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Use the General tab to modify the group's description, and the Membership tab to modify the group's membership in one or more other groups. (See Creating Groups and Nesting Groups for specific instructions.)

   Note: On both of these tabs, be sure to click Apply to save your changes.

 

---

Deleting Groups

To delete an existing group, follow these steps:

1. In the left pane of the WebLogic Server Administration Console, expand Security, then Realms.

2. Expand the name of the security realm from which you are deleting a group (for example, myrealm).

3. Click Groups.

   A table of currently defined groups appears in the right pane.

4. Click the trash can icon that is located in the same row as the group you want to delete.

   Note: If you have a large number of groups, use the Filter By field to retrieve and list only the users that match your search criteria. The Filter By field uses the asterisk (*) as the wildcard character.

5. Click Yes to confirm the deletion.

6. Click Continue link.

   The Select Groups page no longer shows the deleted group in the table.