Delegated Administration Overview

Delegated administration provides a mechanism for propagating WebLogic Administration Portal privileges down a hierarchy of roles. A Delegated Administration role is a dynamic classification of users based on user name, group membership or by the user's characteristics (or expressions), such as user profile values or time.

In your organization, you might want individuals to have different rights of access to various administration tasks and resources. For example, a system administrator might have access to every feature in the administration portal. The system administrator might then create a portal administrator role that could manage portal resources, and a library administrator role that can manage your portal resource library. A role policy consists of a role name and role definition.

Delegated Administration roles are mapped to administrative functions on portal resources using security policies. Given the appropriate rights, administrators can delegate both the right to administer a given resource capability and the right for the delegatee to delegate further. For more information on role policies and security policies, see the Overview of Security.

Setting Up an Administrative Role

You can create Delegated Administration roles at any time; however, the following process shows all of the steps in a process that ensures your administrators are set up correctly:

Model your Delegated Administration hierarchy to fit the needs of your organization.
Create a Role for each administrator type.
Define the role three ways:

Assign Delegated Administration rights to various resources: