Users are entities that can
be authenticated in a security realm. A user can be a person, such as
an application end user, or a software entity, such as a client
application or other instances of WebLogic Server. As a result of
authentication, a user is assigned an identity, or principal. Each user
is given a unique identity within the security realm. Users may be
placed into groups that are associated with security roles, or can be
directly associated with security roles.

Groups are logically ordered
sets of users. Users are organized into groups that can have different
levels of access to WebLogic resources, depending on their job
functions. Managing groups is more efficient than managing large numbers
of users individually. All user names and groups must be unique within a
security realm.

Notes:
- The Administration Console can display a maximum of 1000 users or
groups. If the number of users or groups defined in the corresponding
identity store exceeds 1000, you can specify a search filter to limit
the display. For more information, see Modify users and Modify groups.
- The Administration Console can display users and groups that are
defined in any of the Authentication providers included with WebLogic
Server. However, the Administration Console can be used to create,
update, or delete only users and groups that are defined in either the
WebLogic Authentication provider or an RDBMS system that is configured
with a valid SQL Authentication provider. If you customize the default
security configuration to use a different Authentication provider –
for example, the Oracle Internet Directory Authentication provider –
you must use the administration tools supplied by the corresponding
LDAP server or RDBMS to create or modify a user or group.
- If you are upgrading to the WebLogic Authentication provider, you
can load existing users and groups into its database. For more
information, see Migrating Security Data.

The following are the main tasks for setting up users and groups: