Users are entities that can be authenticated in a security realm. A user can be a person, such as application end user, or a software entity, such as a client application, or other instances of a WebLogic Server. As a result of authentication, a user is assigned an identity, or principal. Each user is given a unique identity within the security realm. Users may be placed into groups that are associated with security roles, or can be directly associated with security roles.

Groups are logically ordered sets of users. Users are organized into groups that can have different levels of access to WebLogic resources, depending on their job functions. Managing groups is more efficient than managing large numbers of users individually. All user names and groups must be unique within a security realm.

Notes:

• The Administration Console can display a maximum of 1000 users or groups. If the number of users or groups defined in the corresponding identity store exceeds 1000, you can specify a search filter to limit the display. For more information, see Modify users and Modify groups.
• The Administration Console can display users and groups that are defined in any of the Authentication providers included with WebLogic Server. However, the Administration Console can be used to create, update, or delete only users and groups that are defined in either the WebLogic Authentication provider or an RDBMS system that is configured with a valid SQL Authentication provider. If you customize the default security configuration to use a different Authentication provider – for example, the Oracle Internet Directory Authentication provider – you must use the administration tools supplied by the corresponding LDAP server or RDBMS to create or modify a user or group.
• If you are upgrading to the WebLogic Authentication provider, you can load existing users and groups into its database. For more information, see Migrating Security Data.

The following are the main tasks for setting up users and groups: