Managing Metadata Security for Jobs

You can manage the level of access assigned for working with job metadata.

Using Fusion Middleware Control, you can create policies that grant permissions for resources in your application.

Metadata Security Actions

You grant permissions by associating specific actions with resources, then granting those permissions (or permission/resource combinations) to particular users, groups, or roles.

When granting permissions, you specify the actions that someone can take with a given resources. Table 5-7 lists possible actions.

Table 5-7 Grant Actions for Metadata Security

Action	Effect
`READ`	Read the job metadata.
`EXECUTE`	Submit a job request.
`CREATE`	Add metadata.
`UPDATE`	Change the metadata.
`DELETE`	Delete the metadata.

The resources with which you associate permissions are expressed as entities known to the application, such as by the entity's containing package. That list includes items you or application developers might have defined as well as items Oracle Enterprise Scheduler has defined. Table 5-8 lists a few examples of the effect of granting permission for certain actions to certain resources.

Table 5-8 Sample Permission Grants for Security

Resource	Actions	Effect
`mypackage.JobDefinition.MyJavaSucJobDef`	`EXECUTE`	Grants the ability to submit requests for a single metadata item.
`mypackage.subpackage.*`	`CREATE`,`EXECUTE`	Grants to ability to create and execute any new metadata items in `/mypackage/subpackage`
`JobDefinition.SYS_AdHocRequest`	`CREATE`,`EXECUTE`	Grants ad hoc submission permission
`mypackage.*`	`CREATE`,`EXECUTE`,`DELETE`	Grants wide-open permissions

How to Create Metadata Policies for Oracle Enterprise Scheduler Resources

You can use Enterprise Manager to create functional To manage metadata permissions:

From the navigation pane, expand the WebLogic Domain folder and select the domain for which you're creating policies.
From the WebLogic Domain menu, select Security and then select Application Policies.

The Application Policies page displays.
In the Search section, from the Application Stripe dropdown, select the application stripe with which you want to work.
Click Create to begin granting permissions to certain users, groups, or application roles.

The Create Application Grant page appears.
In the Create Application Grant page, in the Grantee section, click Add.
In the Add Principal window, from the Type dropdown, select a type of principal, then enter a principal name or display name and click the search button to find the principal you want to add.
Under Search Principals, click the principal you want, then click OK.
In the Permissions section, click Add.
In the Search section, click Permissions.
From the Permission Class dropdown, select oracle.as.scheduler.security.MetadataPermission.
Click the Search button.
Under Search Results, select the resource to which you want to assign permissions.

The Search Results table lists resources that represent entities known to the application. Table 5-8 lists a few examples.
Click Continue.
In the Add Permission window, in the Permission Actions field, edit the comma-separated list of permission actions so that the list reflects the permissions you want to grant.

Table 5-7 lists possible actions.
Click OK.