E Role-Based Access in Oracle Service Bus
This appendix includes the following topics:
This appendix only lists the permissions granted by each role defined in WebLogic Server or Fusion Middleware Control. For information about configuring security and using roles in Service Bus, see Defining Access Security for Oracle Service Bus.
E.1 Application Security Roles
Application security roles provide access to Fusion Middleware Control and Oracle Service Bus Console features as long as the users are also members of the Oracle WebLogic Server Monitors group.
You can assign application roles to users from the Service Bus Security page in Fusion Middleware Control.
E.1.1 Application Role-Based Access in Oracle Service Bus Console
The following topics describe the permissions granted by the application roles in the Oracle Service Bus Console.
E.1.1.1 Application Role-Based Access to Resource Actions
The following table describes the permissions granted by application roles for working with Service Bus resources in the Oracle Service Bus Console. In the table below, resources refers to all Service Bus resources (such as proxy services, XML schemas, JNDI providers, and so on), but excludes alert destinations.
Table E-1 Application Role-Based Access to Resources
| Actions | Middleware Administrator | Developer | Composer | Deployer | Tester | Middleware Operator | Application Operator | Monitor |
|---|---|---|---|---|---|---|---|---|
|
Create resources |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
View resources |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Edit resources |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Delete resources |
Y |
Y |
N |
Y |
N |
N |
N |
N |
|
Move resources (except system resources) |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Rename resources |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Clone resources (except UDDI registries) |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Create alert destination |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
View alert destination |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Edit alert destination |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Delete alert destination |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
Move alert destination |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Rename alert destination |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Clone alert destination |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Create alert rule |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
View SLA alert rule |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Edit SLA alert rule |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Delete SLA alert rule |
Y |
Y |
N |
N |
N |
Y |
N |
N |
|
Create projects and folders |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
View projects and folders |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Edit projects and folders |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Delete projects and folders |
Y |
Y |
N |
Y |
N |
N |
N |
N |
|
Run Test Console |
Y |
Y |
N |
N |
Y |
N |
N |
N |
E.1.1.2 Application Role-Based Access to Administration Functions
The following table describes the permissions granted by application roles for administrative functions in the Oracle Service Bus Console.
Table E-2 Application Role-Based Access to Administration Functions
| Actions | Middleware Administrator | Developer | Composer | Deployer | Tester | Middleware Operator | Application Operator | Monitor |
|---|---|---|---|---|---|---|---|---|
|
Import resources from configuration or ZIP file |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Export resources from configuration or ZIP |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Import resources from URL |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Export resources from URL |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Import from UDDI |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Synchronize Auto-Import Status |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Unlink UDDI |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Publish to UDDI |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Auto-Publish Status |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Publish Auto-Publish Status |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Find and replace |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Create configuration file |
Y |
Y |
N |
N |
N |
N |
N |
N |
|
Execute configuration file |
Y |
Y |
N |
N |
N |
N |
N |
N |
E.1.1.3 Application Role-Based Access to Session Management
The following table describes the session activity permissions granted by application roles in the Oracle Service Bus Console.
Table E-3 Application Role-Based Access to Session Management
| Actions | Middleware Administrator | Developer | Composer | Deployer | Tester | Middleware Operator | Application Operator | Monitor |
|---|---|---|---|---|---|---|---|---|
|
Edit session |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
View all sessions |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
View change history |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
Activate changes |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
Discard changes |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
|
Exit session |
Y |
Y |
N |
Y |
N |
Y |
N |
N |
E.1.2 Application Role-Based Access in Fusion Middleware Control
The following table describes the permissions granted by the application roles to the Service Bus monitoring and management functions in Fusion Middleware Control.
Table E-4 Application Role-Based Access in Fusion Middleware Control
| Actions | Middleware Administrator | Developer | Composer | Deployer | Tester | Middleware Operator | Application Operator | Monitor |
|---|---|---|---|---|---|---|---|---|
|
View statistics |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Reset statistics |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
View alerts |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Delete alerts |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
Update alert annotations |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
View Alert History |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Update global settings |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
View global settings |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Update operational settings |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
View operational settings |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
View message reports |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Purge Messages |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
Take URI online or offline |
Y |
Y |
Y |
Y |
N |
Y |
N |
N |
|
Import and export configuration JAR files |
Y |
Y |
N |
Y |
N |
N |
N |
N |
|
Update security policiesFoot 1 |
Y |
Y |
Y |
N |
N |
N |
N |
N |
|
View resequencing groups |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
Y |
|
Resolve resequencing group errors |
Y |
Y |
Y |
N |
N |
N |
Y |
N |
|
Launch test console |
Y |
Y |
Y |
Y |
Y |
N |
N |
N |
Footnote 1
These roles must be members of the WebLogic Server Administrators group in order to update security policies.
E.2 Enterprise Security Roles
Enterprise security roles provide access to Fusion Middleware Control and Oracle Service Bus Console features as long as the users are also members of the Oracle WebLogic Server Monitors group.
You can assign application roles to users from the Service Bus Security page in Fusion Middleware Control.
E.2.1 Enterprise Role-Based Access in Oracle Service Bus Console
The following topics describe the permissions granted by the enterprise roles in the Oracle Service Bus Console.
E.2.1.1 Enterprise Role-Based Access to Resource Actions
The following table describes the permissions granted by enterprise roles for working with Service Bus resources in the Oracle Service Bus Console. In the table below, resources refers to all Service Bus resources (such as proxy services, XML schemas, JNDI providers, and so on), but excludes alert destinations.
Table E-5 Enterprise Role-Based Access to Resource Actions
| Actions | Integration Admin | Integration Deployer | Integration Operator | Integration Monitor |
|---|---|---|---|---|
|
Create resources |
Y |
Y |
N |
N |
|
View resources |
Y |
Y |
Y |
Y |
|
Edit resources |
Y |
Y |
N |
N |
|
Delete resources |
Y |
Y |
N |
N |
|
Move resources (except system resources) |
Y |
Y |
N |
N |
|
Rename resources |
Y |
Y |
N |
N |
|
Clone resources (except UDDI registries) |
Y |
Y |
N |
N |
|
Create alert destination |
Y |
Y |
Y |
N |
|
View alert destination |
Y |
Y |
Y |
Y |
|
Edit alert destination |
Y |
Y |
Y |
N |
|
Delete alert destination |
Y |
Y |
Y |
N |
|
Move alert destination |
Y |
Y |
Y |
N |
|
Rename alert destination |
Y |
Y |
Y |
N |
|
Clone alert destination |
Y |
Y |
Y |
N |
|
Create alert rule |
Y |
Y |
Y |
N |
|
View SLA alert rule |
Y |
Y |
Y |
Y |
|
Edit SLA alert rule |
Y |
Y |
Y |
N |
|
Delete SLA alert rule |
Y |
Y |
Y |
N |
|
Create projects and folders |
Y |
Y |
N |
N |
|
View projects and folders |
Y |
Y |
Y |
Y |
|
Edit projects and folders |
Y |
Y |
N |
N |
|
Delete projects and folders |
Y |
Y |
N |
N |
|
Run Test Console |
Y |
Y |
N |
N |
E.2.1.2 Enterprise Role-Based Access to Administration Functions
The following table describes the permissions granted by enterprise roles for administrative functions in the Oracle Service Bus Console.
Table E-6 Enterprise Role-Based Access to Administration Functions
| Actions | Integration Admin | Integration Deployer | Integration Operator | Integration Monitor |
|---|---|---|---|---|
|
Import resources from configuration or ZIP file |
Y |
Y |
N |
N |
|
Export resources from configuration or ZIP |
Y |
Y |
N |
N |
|
Import resources from URL |
Y |
Y |
N |
N |
|
Export resources from URL |
Y |
Y |
N |
N |
|
Import from UDDI |
Y |
Y |
N |
N |
|
Synchronize Auto-Import Status |
Y |
Y |
Y |
Y |
|
Unlink UDDI |
Y |
Y |
N |
N |
|
Publish to UDDI |
Y |
Y |
N |
N |
|
Auto-Publish Status |
Y |
Y |
Y |
Y |
|
Publish Auto-Publish Status |
Y |
Y |
N |
N |
|
Find and replace |
Y |
Y |
N |
N |
|
Create configuration file |
Y |
Y |
N |
N |
|
Execute configuration file |
Y |
Y |
N |
N |
E.2.1.3 Enterprise Role-Based Access to Session Management
The following table describes the session activity permission granted by enterprise roles in the Oracle Service Bus Console.
Table E-7 Enterprise Role-Based Access to Session Management
| Actions | Integration Admin | Integration Deployer | Integration Operator | Integration Monitor |
|---|---|---|---|---|
|
Edit session |
Y |
Y |
Y |
N |
|
View all sessions |
Y |
Y |
N |
N |
|
View change history |
Y |
Y |
Y |
N |
|
Activate changes |
Y |
Y |
Y |
N |
|
Discard changes |
Y |
Y |
Y |
N |
|
Exit session |
Y |
Y |
Y |
N |
E.2.2 Enterprise Role-Based Access in Fusion Middleware Control
The following table describes the permissions granted by the enterprise roles to the Service Bus monitoring and management functions in Fusion Middleware Control.
Table E-8 Enterprise Role-Based Monitoring and Management Access
| Actions | Integration Admin | Integration Deployer | Integration Operator | Integration Monitor |
|---|---|---|---|---|
|
View statistics |
Y |
Y |
Y |
Y |
|
Reset statistics |
Y |
Y |
Y |
N |
|
View alerts |
Y |
Y |
Y |
Y |
|
Delete alerts |
Y |
Y |
Y |
N |
|
Update alert annotations |
Y |
Y |
Y |
N |
|
View alert history |
Y |
Y |
Y |
Y |
|
Update global settings |
Y |
Y |
Y |
N |
|
View global settings |
Y |
Y |
Y |
Y |
|
Update operational settings |
Y |
Y |
Y |
N |
|
View operational settings |
Y |
Y |
Y |
Y |
|
View message reports |
Y |
Y |
Y |
Y |
|
Purge Messages |
Y |
Y |
Y |
N |
|
Take URI online or offline |
Y |
Y |
Y |
N |
|
Import and export configuration JAR files |
Y |
Y |
N |
N |
|
Update security policies |
Y |
Y |
N |
N |
|
View resequencing groups |
Y |
Y |
Y |
Y |
|
Resolve resequencing group errors |
Y |
Y |
N |
N |
|
Launch test console |
Y |
Y |
N |
N |
E.3 Role-Based Security Configuration Access
This section describes permissions for the tasks you perform to define access security for users, groups, and roles.
Table E-9 Role-Based Security Configuration Access
| Actions | Integration Admin | Integration Deployer | Integration Operator | Integration Monitor |
|---|---|---|---|---|
|
Create User |
N |
N |
N |
N |
|
View User |
Y |
Y |
Y |
Y |
|
Edit User |
N |
N |
N |
N |
|
Delete User |
N |
N |
N |
N |
|
Create Group |
N |
N |
N |
N |
|
View Group |
Y |
Y |
Y |
Y |
|
Edit Group |
N |
N |
N |
N |
|
Delete Group |
N |
N |
N |
N |
|
Create Role |
N |
N |
N |
N |
|
View Role |
Y |
Y |
Y |
Y |
|
Edit Role |
N |
N |
N |
N |
|
Delete Role |
N |
N |
N |
N |
|
Create Policy |
N |
N |
N |
N |
|
View Policy |
Y |
Y |
Y |
Y |
|
Edit Policy |
N |
N |
N |
N |
|
Delete Policy |
N |
N |
N |
N |