Manage security roles

Before you begin

A security role is a privilege granted to users or groups based on specific conditions. Granting a security role to a user or a group confers the defined access privileges on that user or group, as long as the user or group is configured to belong to the security role. Multiple users or groups can be granted the same security role and a user or group can have more than one security role.

There are two types of security roles in WebLogic Server:

Global role: a security role that applies to all WebLogic resources deployed within a security realm (and thus the entire WebLogic Server domain). Note default set copy from global roles task .
Scoped role: a security role that applies to a specific instance of a WebLogic resource deployed in a security realm (such as a method on an EJB or a branch of a JNDI tree).

The following are the main steps for creating security roles in a WebLogic security realm:

Determine how you want to use Global security roles.
WebLogic Server provides a set of global roles to which you can add users and groups. For more information, see Default Global Roles
Determine which resources to which you want to apply scoped security roles.
See Types of WebLogic Resources
Use the Administration Console to create and manage security roles:
Security roles are applied only when you add them to a security policy.
See Manage security policies