Before you begin
A security policy is an association between a WebLogic resource and one or more users, groups, or security roles and is designed to protect the WebLogic resource against unauthorized access. Security policies are always scoped to a WebLogic resource, but because WebLogic resources are hierarchical, the level at which you define a security policy is up to you. For example, you can define security policies on an entire enterprise application (EAR), an EJB JAR containing multiple EJBs, a particular EJB within that JAR, or a single method within that EJB.
A security policy created for a specific instance of a WebLogic resource overrides any security policy assigned to the WebLogic resource type. For example, if you create a security policy for a particular EJB, this security policy , and not the one you created for the EJB module, will be used.
The following are the main steps for creating security roles in a WebLogic security realm:
WebLogic Server provides default security policies for most resource types. See Default security Policies