You can configure the Advanced security model so that it copies security roles and policies from deployment descriptors on initial deployment into the security provider data repositories. However, if you redeploy one of these Web applications, WebLogic Server will re-import the security data from the redeployed module's deployment descriptors. This re-import operation can override any modifications that you might have made to the roles and policies that you originally imported.

For example, when you deploy EJB1, you import a role named PrivilegedUser that grants access to a principal named “john.” Then you use the Administration Console to add “pat” along with "john" to the PrivilegedUser role. If you redeploy EJB1 without stopping the importing of roles and policies, WebLogic Server will re-import the definition of the PrivilegedUser role. The imported definition will override your modifications and "pat" will no longer be in the role.

Caution: Failure to stop importing roles and policies may result in inconsistent security configurations when your Web application and EJB resources are redeployed. If you do not perform this step or perform this step incorrectly, you will see the following message the next time you load a module's Policy Editor page: The information presented below may not be accurate. To ensure that you are viewing accurate information, you may need to delete and redeploy your WebLogic resources.

To stop importing roles and policies: