
Administration Console Online Help


Create global security roles

Before you begin


A global role applies to all WebLogic resources deployed within a security realm (and thus the entire WebLogic Server domain).

Note: WebLogic Server provides a set of pre-defined global roles that you can use. See Default Global roles.

To create a global security role:

  1. In the left pane, select Security Realms.
  2. Select the realm for the global role (for example, myrealm).
  3. On the Settings for realm_name page, select Roles and Policies > Roles.
  4. In the Roles table, expand Global Roles and select Roles.
  5. In the Global Roles table, click New.
  6. On the Create a New Role for this Realm page, enter the name of the global role in the Name field.

    Note: Do not use blank spaces, commas, hyphens, or any characters in the following comma-separated list: \t, < >, #, |, &, ~, ?, ( ), { }. Security role names are case sensitive. All security role names are singular and the first letter is capitalized, according to the BEA convention. The proper syntax for a security role name is as defined for an Nmtoken in the Extensible Markup Language (XML) Recommendation.

  7. Click OK to save your changes and display the role name in the Global Roles table.
  8. In the Global Roles table select the role.
  9. In the Role Conditions section click Add Conditions to display the Edit Roles page with the prompt: Choose the predicate you wish to use as your new condition.
  10. In the Predicate List field select a predicate (condition).

    BEA recommends that you create expressions using the Group condition where possible. When a group is used to create a security role, the security role can be granted to all members of the group (that is, multiple users).

    For more information, see (edocs) Components of a Security Role: Role Conditions, Expressions, and Role Statements.

  11. The next steps depend on what condition was chosen.
    • If you selected Group or User, click Next, enter a name in the argument field, and click Add or Remove. The names you add must match groups or users in the security realm active for this WebLogic domain.
    • If you selected a boolean predicate (the Server is in development mode, Allow access to everyone, or Deny access to everyone), there are no arguments to enter. Click Finish and go to step 10.
    • If you selected a context predicate, such as Context element's name equals a numeric constant, click Next and enter the context name and an appropriate value. It is your responsibility to ensure that the context name and/or value exists at runtime.
    • If you selected a time-constrained predicate, such as Access occurs between specified hours, click Next and provide values for the Edit Arguments fields.
  12. Click Finish.
  13. If desired, repeat steps 10-12 to add more conditions. The system evaluates conditions in the order they appear in the list.
  14. If desired, use the buttons in the Scoped Role Conditions section to modify the expressions. Select the check box next to the expression or expressions:
    • Select And/Or between expressions to switch the and / or statements.
    • Click Move Up and Move Down to change the ordering of the selected expression(s).
    • Click Combine or Uncombine to merge or unmerge selected expressions.
    • Click Negate to make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
    • Click Remove to delete the selected expression.
  15. When you have the expressions arranged the way you want, click Save.
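
The naming rules in the note under step 6 can be checked before any role is created in the console. The following is an added example, not part of the original help page or of WebLogic Server: it lints a batch of proposed role names against the forbidden characters listed in the note, flags names that differ only by case (which are distinct roles because names are case sensitive), and assumes an ASCII-only subset of the XML Nmtoken production. The function names and sample role names are hypothetical, and the "singular" convention is not checked.

```python
import re

# Characters the note forbids in a role name: blank space, comma, hyphen,
# and the listed set (tab, < >, #, |, &, ~, ?, ( ), { }).
FORBIDDEN = set(" ,-\t<>#|&~?(){}")
# Assumption: ASCII subset of the XML Nmtoken production (letters, digits, . _ :).
# The hyphen that Nmtoken would allow is excluded by the note's own rule.
ASCII_NMTOKEN = re.compile(r"[A-Za-z0-9._:]+")


def check_role_name(name):
    """Return a list of problems with one proposed role name (empty list = OK)."""
    problems = []
    bad = sorted({c for c in name if c in FORBIDDEN})
    if bad:
        problems.append("forbidden character(s): " + ", ".join(repr(c) for c in bad))
    elif not ASCII_NMTOKEN.fullmatch(name):
        problems.append("not an ASCII Nmtoken")
    if name and not name[0].isupper():
        problems.append("convention: first letter should be capitalized")
    return problems


def check_role_names(names):
    """Check a batch and also flag names that differ only by case."""
    report = {n: check_role_name(n) for n in names}
    by_folded = {}
    for n in names:
        by_folded.setdefault(n.casefold(), []).append(n)
    for group in by_folded.values():
        if len(set(group)) > 1:
            for n in group:
                others = sorted(set(group) - {n})
                report[n].append("case-only variant of: " + ", ".join(others))
    return report


if __name__ == "__main__":
    # Constructed sample names, not taken from any real domain.
    sample = ["Auditor", "auditor", "Help-Desk", "Ops Team", "Deploy(er)", "Reviewer"]
    for role, issues in check_role_names(sample).items():
        print(f"{role!r}: {'OK' if not issues else '; '.join(issues)}")
```

Case-only variants deserve attention in review because a role condition attached to one spelling does not apply to the other.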

 
