Oracle WebLogic Server: WebLogic Administrator Accounts with Specific Grants

When we create a WebLogic domain we create a default Administrator account.  This user belongs to admin security role by default and has a permission to do all management tasks on WebLogic server instances in a domain. However there are cases where we need to create other administrator users with only specific grants. One example would be creating WebLogic administrator user who is responsible for managing application deployment and NOTHING ELSE.  Lets’ see how   we can easily accomplish this.

Let me briefly explain the basic terms. A domain is a basic administration unit for WebLogic Server instances which also contains all the related resources.   A resource can be either an entity such as a Web Service or a server instance or an action such as the act of shutting down a server instance or deploying an application. We use policies and roles to secure the resources in a WebLogic Server domain by determining which users, groups, or roles can access which resources.  Let's create a WebLogic administrator user that has a grant for application deployments only. Below is step by step instructions.

To create a new User:
1.    Open WebLogic Console.
2.    In the Domain Structure window click on Security Realms.
3.    On the right Content Pane click on security realm for which you are creating a user (for example, myrealm).



4.    Click Users and Groups.
5.    The Users and Groups page displays all the users currently defined in the WebLogic Authentication provider's database.

6.    Click the New button link to display the Create a New User page.


7.    Enter the name of the user in the Name field. (User names are case sensitive.)
8.    Optionally, enter a description of the user (such as their full name) in the Description field.
9.    Enter a password for the user in the Password/Confirm Password fields.
10.    Click OK to save your changes.



Adding Users to Groups:
1.    In the Domain Structure window click on Security Realms.
2.    On the right Content Pane click on security realm for which you are creating a user (for example, myrealm).
3.    Click Users and Groups.
4.    Click the name of the user that we just created.


5.    Click on the Groups tab.
6.    All the groups available in the WebLogic Authentication provider's database appear in the Parent Groups box. Use the check-box to select Deployers group and click the right arrow to move it to the Chosen box.


7.    Click Save to save your changes.


Now if you log out and login as the user we just created you will see that most of the actions are disabled. This new user can manage deployments (Install/Update/Delete/Start/Stop) but nothing else. This is how you can create admin users with specific grants.

Comments:

Hi,

I am setting up a weblogic domain where I want to include a development, acceptance and maintenance environment for a application. Is it possible to also have 3 users that can deploy only to their own application. 1 user for deploying only to dvl, 1 user for deploying only to acc, etc.?
Is this possible with the default roles or do I have to perform specific setup (and which). Thanks in advance.

Posted by guest on December 17, 2012 at 09:30 AM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Oracle ECEMEA Partner Hubs Migration Center Team

We share our skills to maximize your revenue!
Our dedicated team of consultants can rapidly and successfully assist you to adopt and implement the latest of Oracle Technology in your solutions.

Stay Connected
partner.imc
@
beehiveonline.oracle-DOT-com
Google+

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today