2.2 About Oracle Access Management Administrators

A single default LDAP group, the WebLogic Server Administrators group, is set in the Default User Identity Store (Embedded LDAP) designated as the System Store. The LDAP group, when assigned to a specified user, grants full system and policy configuration privileges.

Specifying a different LDAP group prohibits WebLogic Administrators from logging in to Oracle Access Management Console or from using administrative command-line tools.


Unless explicitly stated, the term Administrator in this guide refers to the Oracle Access Management System Administrator.

During initial deployment with the Oracle Fusion Middleware Configuration Wizard, the System Administrator userID and password are set. These credentials grant access to the:

  • Oracle Access Management Console to register and manage system configurations, security elements, and policies.

    See Oracle Access Management Console and the Policy Manager Console for details.

  • WebLogic Server Administration Console to view the Summary of Server Configuration (Cluster, Machine, State, Health, and Listening Port) of deployed OAM Servers within the WebLogic Server domain, and also to Start, Resume, Suspend, Shutdown, or Restart SSL on these servers. See the Administering Oracle Fusion Middleware for more information.

  • Custom Administrative command-line tools (including the WebLogic Scripting Tool and Remote Registration Tool) provide an alternative to the Oracle Access Management Console for a specific set of functions.

    See Command-Line Tools for Configuration.

Initially, a System Administrator user must log in to the Oracle Access Management Console using the WebLogic Administrator credentials set during initial configuration. However, your enterprise might require independent sets of Administrators: one set of users responsible for Oracle Access Management administration and a different set for WebLogic administration.

See Understanding Administrator Roles.