Skip navigation.

Administration Console Online Help

PreviousNextvertical dots separating previous/next from contents/index/pdfContents

Manage security policies

Before you begin

Read Secure WebLogic resources

A security policy is an association between a WebLogic resource and one or more users, groups, or security roles and is designed to protect the WebLogic resource against unauthorized access. Security policies are always scoped to a WebLogic resource, but because WebLogic resources are hierarchical, the level at which you define a security policy is up to you. For example, you can define security policies on an entire enterprise application (EAR), an EJB JAR containing multiple EJBs, a particular EJB within that JAR, or a single method within that EJB.

A security policy created for a specific instance of a WebLogic resource overrides any security policy assigned to the WebLogic resource type. For example, if you create a security policy for a particular EJB, this security policy , and not the one you created for the EJB module, will be used.

The following are the main steps for creating security roles in a WebLogic security realm:

  1. Determine which resources to which you want to apply security policies.

    See Types of WebLogic Resources

    WebLogic Server provides default security policies for most resource types. See Default security Policies

  2. Use the Administration Console to create and manage security policies:

Related Tasks

Related Concepts


Skip navigation bar   Back to Top