This chapter describes the default security roles in Oracle Service Bus and shows how they correspond to Oracle WebLogic Server default roles.
Oracle Service Bus supports various roles. The role assigned to a user determines the tasks that a user can perform. You can assign roles to users to secure resources and services in the Oracle Service Bus Administration Console by restricting access.
This chapter includes the following sections:
You can also restrict the user interfaces that should be made available to a given role depending on the privileges of the role.
By default, IntegrationAdmin, IntegrationDeployer, IntegrationMonitor, IntegrationOperator are predefined roles in Oracle Service Bus. The following section describes the various roles available in Oracle Service Bus and their functionality.
The IntegrationAdmin role is an administrative security role. As an IntegrationAdmin, you can access Oracle Service Bus Administration Console. Users assigned to this role can access all resources and services in Oracle Service Bus. This role is granted to users requiring administrator privileges in Oracle Service Bus Administration Console.
In Oracle Service Bus, you can assign the IntegrationAdmin role by assigning the IntegrationAdmins parent group when you create or reconfigure a user. For more information about creating a user in Oracle Service Bus, see Section 25.3, "Adding Users.".
Users who are assigned this role can perform the following tasks in Oracle Service Bus Administration Console.
Create or commit session
Create, edit, or delete resources and projects
View the available users and groups in Oracle Service Bus
View and configure monitoring, reporting, and tracing for business and proxy services
Import or export resources
View and configure UDDI registries
Publish and import resources from registries
The IntegrationDeployer role is assigned to users who deploy services. An IntegrationDeployer can access Oracle Service Bus Administration Console to create and deploy resources and services. Also in this role, you can access the existing resources and services in the Oracle Service Bus.
When a user is created or reconfigured in Oracle Service Bus, IntegrationDeployer role is granted by assigning the IntegrationDeployers parent group. For more information about how to create a user in the Oracle Service Bus, see Section 25.3, "Adding Users."
Users who are assigned this role can perform all tasks that can be performed by a user in the IntegrationAdmin role. For more information about tasks performed by an user in the IntegrationAdmin role, see Section 45.1.1, "IntegrationAdmin."
The IntegrationMonitor role is granted to users who monitor resources and services in Oracle Service Bus Administration Console. Users assigned to this role can also monitor violations to Service Level Agreements (SLAs), and the alerts from the message flow pipeline.
When a user is created or reconfigured in Oracle Service Bus Administration Console, the IntegrationMonitor role is assigned to users by assigning the IntegrationMonitors parent group. For more information about how to create a user in Oracle Service Bus Administration Console, see Section 25.3, "Adding Users."
Users who are assigned this role can perform the following tasks:
View dashboard for SLA alerts and pipeline alerts
Use SmartSearch to view business services, proxy services, alert destination and SLA alert rules
View details of existing users and groups
View details of resources
The IntegrationOperator role is granted to users, who perform day-to-day operations in Oracle Service Bus Administration Console. IntegrationOperators can perform the day-to-day operations on the resources in Oracle Service Bus Administration Console. This role can also perform certain monitoring tasks and session management.
When a user is created or reconfigured in Oracle Service Bus Administration Console, the IntegrationOperator role is granted by assigning the IntegrationOperators parent group. For more information about how to create a user in Oracle Service Bus Administration Console, see Section 25.3, "Adding Users."
Users who are assigned this role can perform the following tasks:
View configuration details of all resources
View and configure monitoring, tracing, logging, and reporting for business services and proxy services
Edit and update dashboard settings
Add, update, and delete alert rules
Add, view, delete, and edit alert destinations
View and purge SLA alerts for business services and proxy services
View and purge pipeline alerts for proxy services
Use SmartSearch to view and edit operational settings for business services, proxy services, alert destination, and SLA alert rules
Use global settings to enable or disable monitoring, pipeline alerting, SLA alerting, reporting, and logging at a global level
View the status of all the servers associated with the domain
View and purge message reports
View the UDDI registries that have been configured for the domain
View, the auto-publish status and auto-import status of business services and proxy services
View security configurations of users and groups
For more information about tasks you can perform in each of these roles, see "Configuring Administrative Security" in the Oracle Fusion Middleware Developer's Guide for Oracle Service Bus.
Roles in Oracle Service Bus Administration Console are related to corresponding roles in the Oracle WebLogic Server Administration Console. Table 45-1 gives different roles available in Oracle Service Bus Administration Console and the corresponding roles in the Oracle WebLogic Server Administration Console.
Table 45-1 Relationship Between Roles in WLS and Roles in Oracle Service Bus
| Roles in Oracle Service Bus | Roles in WLS |
|---|---|
|
IntegrationAdmin |
Administrator |
|
IntegrationDeployer |
Deployer |
|
IntegrationMonitor |
Monitor |
|
IntegrationOperator |
Operator |
Users belonging to the Administrator role in Oracle WebLogic Server are automatically included in the IntegrationAdmin group in Oracle Service Bus Administration Console. The converse however, is not true.
Note:
A user can also be associated with multiple roles. For example, a user can be associated with IntegrationAdmin role in Oracle Service Bus Administration Console must posses the Administrator role in Oracle Service Bus to access the Oracle WebLogic Server Administration Console.
You can create new roles in Oracle Service Bus if you possess Administrator role in the Oracle WebLogic Server Administration Console. An administrator can create new roles from the Global Roles page and customize the role by editing the conditions for the new role in the Global Role Conditions page. For more information about creating and customizing roles, see Section 25.11, "Adding Roles."