To connect to a WebLogic Server MBean server, a JMX client must supply credentials for a user who has been defined in the WebLogic Server domain's security realm. To further secure the MBeans that have been registered in an MBean server, WebLogic Server uses security roles and policies.

By default, a WebLogic Server security realm contains four global security roles: Admin, Deployer, Operator, and Monitor, and the default security policies for WebLogic Server MBeans grant the following permissions:

• All users have read access to all attributes that are not encrypted.
• All users can invoke lookup operations, such as lookupCluster(String name) in DomainMBean.
• All users can invoke the userExists method on security provider MBeans.
• Only the Admin role has read access to encrypted attributes.
• Only the Admin role has write access to writable attributes and can invoke operations other than lookup operations.

Security providers can override these default settings. To modify these defaults from the Administration Console, see Create JMX policies.

For more information, see Default Security Policies for MBeans

.