Oracle WebLogic Server: WebLogic Administrator Accounts with Specific Grants
By Gokhan Gungor on Aug 17, 2012
Let me briefly explain the basic terms. A domain is the basic administration unit for WebLogic Server instances, and it also contains all the related resources. A resource can be either an entity, such as a Web Service or a server instance, or an action, such as shutting down a server instance or deploying an application. We use policies and roles to secure the resources in a WebLogic Server domain by determining which users, groups, or roles can access which resources. Let's create a WebLogic administrator user that has a grant for application deployments only. Below are step-by-step instructions.
To create a new User:
1. Open WebLogic Console.
2. In the Domain Structure window click on Security Realms.
3. In the Content Pane on the right, click the security realm for which you are creating a user (for example, myrealm).
4. Click Users and Groups.
5. The Users and Groups page displays all the users currently defined in the WebLogic Authentication provider's database.
6. Click the New button link to display the Create a New User page.
7. Enter the name of the user in the Name field. (User names are case sensitive.)
8. Optionally, enter a description of the user (such as their full name) in the Description field.
9. Enter a password for the user in the Password/Confirm Password fields.
10. Click OK to save your changes.
Adding Users to Groups:
1. In the Domain Structure window click on Security Realms.
2. In the Content Pane on the right, click the security realm for which you are creating a user (for example, myrealm).
3. Click Users and Groups.
4. Click the name of the user that we just created.
5. Click on the Groups tab.
6. All the groups available in the WebLogic Authentication provider's database appear in the Parent Groups box. Use the check box to select the Deployers group and click the right arrow to move it to the Chosen box.
7. Click Save to save your changes.
Now, if you log out and log in as the user we just created, you will see that most of the actions are disabled. This new user can manage deployments (Install/Update/Delete/Start/Stop) but nothing else. This is how you can create admin users with specific grants.
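The same two procedures can be scripted with WLST (WebLogic's Jython shell) so the account is created repeatably and its group membership is checked afterwards. This is an added example, not code from the original post; it assumes the realm's provider has the default name "DefaultAuthenticator", and the user name "deployadmin" and the NEW_USER_PASSWORD environment variable are hypothetical.

```python
# Added example (WLST/Jython): scripted version of the console steps above.
# Assumptions: the realm's provider is named "DefaultAuthenticator"; the user
# name "deployadmin" and the NEW_USER_PASSWORD variable are hypothetical.
import os

GRANTED_GROUP = "Deployers"
# Other default WebLogic groups this account must not belong to.
FORBIDDEN_GROUPS = ["Administrators", "Operators", "Monitors"]


def provision_deployer(atnr, user, password, description=""):
    """Create `user` if missing, add it to Deployers, return excess groups."""
    if not atnr.userExists(user):
        atnr.createUser(user, password, description)
    # Third argument True = also look through nested group membership.
    if not atnr.isMember(GRANTED_GROUP, user, True):
        atnr.addMemberToGroup(GRANTED_GROUP, user)
    return excess_groups(atnr, user)


def excess_groups(atnr, user):
    """List wider-privilege groups the user is in (directly or nested)."""
    return [g for g in FORBIDDEN_GROUPS if atnr.isMember(g, user, True)]


if __name__ == "main":  # WLST runs scripts with __name__ set to "main"
    connect()  # no arguments: WLST prompts for admin user, password and URL
    realm = cmo.getSecurityConfiguration().getDefaultRealm()
    atnr = realm.lookupAuthenticationProvider("DefaultAuthenticator")
    extra = provision_deployer(atnr, "deployadmin",
                               os.environ["NEW_USER_PASSWORD"],
                               "Deployment-only administrator")
    if extra:
        print("WARNING: deployadmin is also in: " + ", ".join(extra))
    else:
        print("deployadmin is limited to the Deployers group")
    disconnect()
```

Re-running the script against an existing account only performs the membership check, so it can also be used to confirm that a deployment-only user has not since been added to a broader group.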