1 Introduction

The WebLogic Security Service combines several layers of security features to prevent unauthorized access to your WebLogic Server domains.

This document describes using roles and policies to determine who can access resources in a domain. The roles and policies feature fulfills the same function as the familiar Access Control List (ACL), but offers an improvement over ACLs: an ACL is static while roles and policies specify conditions under which users can access resources, and these conditions are evaluated at run time.