Before you begin
For URL patterns and EJBs this task is not valid if you are using the DDOnly security model. With this model, the resource ignores policies that you create in the Administration Console. See Manage security for Web applications and EJBs.
You can create a security policy that applies to a specific resource instance. If the instance contains other resources, the policy will apply to the included resource as well.
The policy of a narrower scope overrides policy of a broader scope. For example, if you create a security policy for an EAR and a policy for an EJB that is in the EAR, the EJB will be protected by its own policy and will ignore the policy for the EAR. For more information, see Manage security policies.
To create a security policy for a specific instance of a WebLogic resource:
Each resource instance provides its own Edit Policies page, and you can access it through any of several navigational paths.
The Roles and Policies: Policies page organizes all of the domain's resources and corresponding policies in a hierarchical tree control.
For information on finding resources in the Names column, see Column Display.
The Administration Console displays the resource's Edit Policies page.
Oracle recommends that you use the Role condition where possible. Basing conditions on security roles enables you to create one security policy that takes into account multiple users or groups, and is a more efficient method of management.
For more information, see Security Policy Conditions.
Role
, click
Next, enter the name of a security role in
the argument field, and click Add. To create
a compound condition, enter another role name and click
Add. A compound condition evaluates as true
if either predicate is true. For example, if you create a compound
condition that specifies the Operator and Deployer roles, then the
condition is true if the user is in either role. If the security
roles that you enter do not already exist, create them after you
finish creating policies.Group
or
User
, click Next , enter a
name in the argument field, and click Add. To
create a compound condition, enter another user or group name and
click Add. If the users or groups that you
name do not already exist, create them after you finish creating
policies.Server is in
development mode
, Allow access to
everyone
, or Deny access to everyone
),
there are no arguments to enter. Click Finish
and go to step 10.Context
element's name equals a numeric constant
, click
Next and enter the context name and an
appropriate value. It is your responsibility to ensure that the
context name and/or value exists at runtime.and
/
or
statements.Result
The policy appears on the Roles and Policies: Policies page in the Policies table.
After you finish