
Administration Console Online Help


Create scoped security roles

Before you begin


A scoped role is a security role that applies to a specific instance of a WebLogic resource deployed in a security realm (such as a method on an EJB or a branch of a JNDI tree).

To create a scoped role for a WebLogic resource:

  1. Access the WebLogic resource for which you want to create a scoped security role. For instructions on accessing a specific resource, choose from the following list and return to this task as instructed.

    Note: If you have already navigated to the resource in the Administration Console and are accessing this help page from the Scoped Roles table, you can skip to step 2.

  2. On the Scoped Roles page for the selected resource, click New to display the Create Role page.
  3. In the Name field, enter a name for the role.

    Note: Do not use blank spaces, commas, hyphens, or any characters in the following comma-separated list: \t, < >, #, |, &, ~, ?, ( ), { }. Security role names are case sensitive. According to the BEA convention, all security role names are singular and the first letter is capitalized. The proper syntax for a security role name is as defined for an Nmtoken in the Extensible Markup Language (XML) Recommendation.

    Warning: If you create a scoped role with the same name as a global role, the scoped role takes precedence over the global role.

  4. Click OK to save your changes and display the role name in the Scoped Roles table.
  5. In the Scoped Roles table, select the new role to display the Role Conditions page.
  6. In the Role Conditions section, click Add Conditions to display the Edit Roles page with the prompt: Choose the predicate you wish to use as your new condition.
  7. In the Predicate List field, select a predicate (condition).

    BEA recommends that you create expressions using the Group condition where possible. When a group is used to create a security role, the security role can be granted to all members of the group (that is, multiple users).

    For more information, see Components of a Security Role: Role Conditions, Expressions, and Role Statements.

  8. The next steps depend on which condition you selected.
    • If you selected Group or User, click Next, enter a name in the argument field, and click Add or Remove. The names you add must match groups or users in the security realm active for this WebLogic domain.
    • If you selected a boolean predicate (Server is in development mode, Allow access to everyone, or Deny access to everyone), there are no arguments to enter. Click Finish and go to step 10.
    • If you selected a context predicate, such as Context element's name equals a numeric constant, click Next and enter the context name and an appropriate value. It is your responsibility to ensure that the context name and/or value exists at runtime.
    • If you selected a time-constrained predicate, such as Access occurs between specified hours, click Next and provide values for the Edit Arguments fields.
  9. Click Finish.
  10. If desired, repeat steps 7-9 to add more conditions. The system evaluates conditions in the order they appear in the list.
  11. If desired, use the buttons in the Scoped Role Conditions section to modify the expressions. Select the check box next to the expression or expressions:
    • Select And/Or between expressions to switch the and / or statements.
    • Click Move Up and Move Down to change the ordering of the selected expression(s).
    • Click Combine or Uncombine to merge or unmerge selected expressions.
    • Click Negate to make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
    • Click Remove to delete the selected expression.
  12. When you have the expressions arranged the way you want, click Save.
  13. To access your role in the Roles table, see List security roles.
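
The following is an added example, not part of the original help page and not WebLogic code: a pre-check for the naming note and the precedence warning in step 3, run before typing a name into the Create Role page. The function name `check_role_name`, the caller-supplied list of global role names, and the ASCII-only reading of Nmtoken are assumptions of this example.

```python
import re

# Characters the note in step 3 forbids in a role name.
FORBIDDEN = set(" ,-\t<>#|&~?(){}")
# Assumption: ASCII-only subset of XML Nmtoken name characters, minus the
# hyphen (forbidden above). Real Nmtokens also admit non-ASCII letters.
NMTOKEN_SUBSET = re.compile(r"[A-Za-z0-9._:]+")


def check_role_name(name, global_roles=()):
    """Return (errors, warnings) for a proposed scoped role name.

    global_roles is a caller-supplied list of global role names in the
    realm (hypothetical input; this function does not query WebLogic).
    """
    errors, warnings = [], []
    if not name:
        return ["name is empty"], warnings
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        errors.append("forbidden characters: " + ", ".join(repr(c) for c in bad))
    elif not NMTOKEN_SUBSET.fullmatch(name):
        errors.append("not in the ASCII Nmtoken subset [A-Za-z0-9._:]")
    if not name[0].isupper():
        warnings.append("convention: first letter should be capitalized")
    # Names are case sensitive, so only an exact match shadows a global role.
    if name in global_roles:
        warnings.append("shadows global role %r on this resource" % name)
    else:
        # A case-only difference creates a distinct role that is easy to confuse.
        near = [g for g in global_roles if g.lower() == name.lower()]
        if near:
            warnings.append("differs only by case from global role(s): " + ", ".join(near))
    return errors, warnings


if __name__ == "__main__":
    SAMPLE_GLOBAL_ROLES = ["Admin", "Operator"]  # constructed sample, not read from a realm
    for candidate in ["PayrollApprover", "Admin", "operator", "Help-Desk", "Night Shift"]:
        print(candidate, check_role_name(candidate, SAMPLE_GLOBAL_ROLES))
```

A shadowing warning is not an error: the console accepts the name, and the scoped role then takes precedence over the global role for that resource, so the result is worth reviewing before the role is saved.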

After you finish

Create the security policy that determines access to this resource and associate the policy with the new scoped role. For more information, see Create security policies.

 
