Oracle Enterprise Manager Fusion Middleware Control supports the notion
of role-based access. Users are mapped to different roles; each role
corresponds to a different set of privileges. Using this mechanism, you
can provision certain users with simple monitoring privileges (for
instance view-only access), while administrators can be granted full
access, including the ability to update configurations, restart servers,
and so on.
The following roles have been defined for Oracle WebLogic Server in Oracle Enterprise Manager Fusion Middleware Control:
1. Administrator
2. Operator
3. Monitor
The actions that you can perform in Oracle Enterprise Manager Fusion Middleware Control are protected using Oracle WebLogic Server enterprise roles. To obtain the appropriate behavior in Oracle Enterprise Manager Fusion Middleware Control, you must correctly map either the user or enterprise role to the Oracle SOA Suite application role.
SOAAdmin -to- Administrator
SOAOperator -to- Operator
SOAMonitor -to- Monitor
There is no default mapping of the SOAMonitor and SOAOperator roles to Oracle WebLogic Server groups or users. These roles must be manually mapped in Oracle Enterprise Manager Fusion Middleware Control.
However we do not have any role SOADeployer.
This is what you should do if you want to create a custom role in Oracle EM Fusion Middleware control.
The role will have the below grants only:
1. Deploy Applications to WebLogic servers
2. Life-cycle SOA composites for all folders.
Steps:
1. Create SOADeployerUsersGroup
a. Login to WebLogic console
b. Navigate to Security Realms > myrealm > Users&Groups > Groups tab
c. Create new Group SOADeployerUsersGroup
d. Click on SOADeployerUsersGroup and under Membership tab add Deployers and Save.
2. Create Role
a. Login to EM
b. Navigate to WebLogic domain (soa_domain) > Security > Application Roles
c. Select Application Stripe - soa-infra
d. Create new Role SOADeployerCustomRole
e. Under Membership section, Add > Group > SOADeployerUsersGroup
f. Save
3. Create Principal
a. On EM navigate to WebLogic domain (soa_domain) > Security > Application Policies
b. Create Principal
c. On Add Principal section, Search for Application Role > Select SOADeployerCustomRole
d. Under Permissions, Click on Add
e. Select Class - CompositePermission and filter Resource Name > Includes > *
e. Select first resource and click on Next
f. Under Customize, select read, provision and life-cycle
g. Continue ans Save.
Now you can create a User in Weblogic Server add it to SOADeployerUsersGroup membership.
You can then deploy your code from JDeveloper or using scripts with this user to any SOA folder.
Helpful? Please Comment.
Happy Learning!!
The following roles have been defined for Oracle WebLogic Server in Oracle Enterprise Manager Fusion Middleware Control:
1. Administrator
2. Operator
3. Monitor
The actions that you can perform in Oracle Enterprise Manager Fusion Middleware Control are protected using Oracle WebLogic Server enterprise roles. To obtain the appropriate behavior in Oracle Enterprise Manager Fusion Middleware Control, you must correctly map either the user or enterprise role to the Oracle SOA Suite application role.
SOAAdmin -to- Administrator
SOAOperator -to- Operator
SOAMonitor -to- Monitor
There is no default mapping of the SOAMonitor and SOAOperator roles to Oracle WebLogic Server groups or users. These roles must be manually mapped in Oracle Enterprise Manager Fusion Middleware Control.
However we do not have any role SOADeployer.
This is what you should do if you want to create a custom role in Oracle EM Fusion Middleware control.
The role will have the below grants only:
1. Deploy Applications to WebLogic servers
2. Life-cycle SOA composites for all folders.
Steps:
1. Create SOADeployerUsersGroup
a. Login to WebLogic console
b. Navigate to Security Realms > myrealm > Users&Groups > Groups tab
c. Create new Group SOADeployerUsersGroup
d. Click on SOADeployerUsersGroup and under Membership tab add Deployers and Save.
2. Create Role
a. Login to EM
b. Navigate to WebLogic domain (soa_domain) > Security > Application Roles
c. Select Application Stripe - soa-infra
d. Create new Role SOADeployerCustomRole
e. Under Membership section, Add > Group > SOADeployerUsersGroup
f. Save
3. Create Principal
a. On EM navigate to WebLogic domain (soa_domain) > Security > Application Policies
b. Create Principal
c. On Add Principal section, Search for Application Role > Select SOADeployerCustomRole
d. Under Permissions, Click on Add
e. Select Class - CompositePermission and filter Resource Name > Includes > *
e. Select first resource and click on Next
f. Under Customize, select read, provision and life-cycle
g. Continue ans Save.
Now you can create a User in Weblogic Server add it to SOADeployerUsersGroup membership.
You can then deploy your code from JDeveloper or using scripts with this user to any SOA folder.
Helpful? Please Comment.
Happy Learning!!
No comments:
Post a Comment