
Administration Console Online Help


Create security policies

Before you begin

Read Manage security policies

Read Secure WebLogic resources


A security policy is an association between a WebLogic resource and a list of specified conditions (or predicates) that protect the WebLogic resource against unauthorized access. Conditions can include users, groups, security roles, time constraints, runtime context values, and others.

To create a security policy for a WebLogic resource:

  1. Access the WebLogic resource for which you want to create a security policy. For instructions on accessing a specific resource, choose from the following list, then return to this task as instructed.

    Note: If you have already navigated to the resource in the Administration Console and are accessing this help page from the Policy Conditions page, you can skip to step 2.

  2. On the Policy Conditions page for the selected resource, click Add Conditions to display the following prompt:

    Choose the predicate you wish to use as your new condition

  3. Choose a predicate (condition) from the list box.

    BEA recommends that you create expressions using the Role condition where possible. Basing expressions on security roles allows you to create one security policy that takes into account multiple users or groups, and is a more efficient method of management.

    For more information, see Components of a Security Policy: Role Conditions, Expressions, and Role Statements.

  4. The next steps depend on what condition was chosen. Follow the instructions in the wizard to complete each selection.
    • If you selected Role, use the selector to enter and add names that define a role or roles scoped to the selected WebLogic resource. See Create scoped security roles.
    • If you selected Group or User, click Next, enter a name in the argument field, and click Add or Remove. The names you add must match groups or users in the security realm active for this WebLogic domain.
    • If you selected a boolean predicate (Server is in development mode, Allow access to everyone, or Deny access to everyone), there are no arguments to enter. Click Finish and go to step 6.
    • If you selected a context predicate, such as Context element's name equals a numeric constant, click Next and enter the context name and an appropriate value. It is your responsibility to ensure that the context name and/or value exists at runtime.
    • If you selected a time-constrained predicate, such as Access occurs between specified hours, click Next and provide values for the Edit Arguments fields.
  5. Click Finish.
  6. If desired, repeat steps 2-5 to add more conditions. The system evaluates conditions in the order they appear in the list.
  7. If desired, use the buttons in the Scoped Role Conditions section to modify the expressions. Select the check box next to the expression or expressions:
    • Select And/Or between expressions to switch the and / or statements.
    • Click Move Up and Move Down to change the ordering of the selected expression(s).
    • Click Combine or Uncombine to merge or unmerge selected expressions.
    • Click Negate to make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
    • Click Remove to delete the selected expression.
  8. When you have the expressions arranged the way you want, click Save.
  9. To access your policy in the Policy table, see List security policies. The policy appears in the Policy Expressions column in the Policies table.
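
The ordering, And/Or, Combine, and Negate controls in steps 6 and 7 change which requests a policy admits. The following is an added example, not WebLogic code or part of the original help page: a small model that assumes conditions are applied strictly left to right and that Combine acts like parentheses. The names `Cond`, `Combined`, `evaluate`, the integer-hour time window, and the sample subjects are hypothetical.

```python
# Added illustration: a model of a policy expression, not WebLogic's evaluator.
# Assumption: conditions are applied strictly left to right in list order, and
# Combine behaves like parentheses around the selected conditions.
from dataclasses import dataclass
from typing import Callable, List

@dataclass
class Cond:
    label: str
    test: Callable[[dict], bool]
    negated: bool = False            # models the Negate button

@dataclass
class Combined:
    items: List[tuple]               # (joiner, node) pairs; models Combine
    negated: bool = False

def role(name): return Cond(f"Role {name}", lambda s: name in s["roles"])
def group(name): return Cond(f"Group {name}", lambda s: name in s["groups"])
def between(start, end):             # hours simplified to integers 0-23
    return Cond(f"Access between {start}-{end}", lambda s: start <= s["hour"] < end)

def evaluate(items, subject):
    """Fold (joiner, node) pairs left to right; the first joiner is ignored."""
    result = None
    for joiner, node in items:
        value = evaluate(node.items, subject) if isinstance(node, Combined) else node.test(subject)
        if node.negated:
            value = not value
        if result is None:
            result = value
        elif joiner == "and":
            result = result and value
        elif joiner == "or":
            result = result or value
        else:
            raise ValueError(f"unknown joiner: {joiner!r}")
    return bool(result)              # an empty expression grants nothing here

# Constructed sample subjects.
ADMIN_AT_NIGHT = {"roles": {"Admin"}, "groups": set(), "hour": 22}
OPERATOR_AT_NOON = {"roles": set(), "groups": {"Operators"}, "hour": 12}

# Three separate rows: Role Admin, OR Group Operators, AND hours 8-18.
FLAT = [("", role("Admin")), ("or", group("Operators")), ("and", between(8, 18))]
# The same rows after selecting the last two and clicking Combine.
GROUPED = [("", role("Admin")),
           ("or", Combined([("", group("Operators")), ("and", between(8, 18))]))]
```

Under these assumptions the flat list applies the time window to everyone, Admin included, while the combined form restricts only the Operators group; review the saved expression for this kind of difference before relying on it.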

 
