How Do I: Create An Application-Scoped Security Role?

Security roles can be defined globally or can be scoped to a particular resource, such as a web service, an EJB, or an application. This topic describe how to create an application-scoped security role. For more information on security roles, see Role-Based Security.

To Define an Application-Scoped Role

  1. In the Application tab, right-click the Security Roles folder. The New Security Role dialog appears.

  2. In the Name field, enter the name of the security role.
  3. (Optional.) Enter a description of the security role.
  4. To map the role to a principal, you have the following options:
    • Use role name. When you select this option, a user with the same name as the security role is automatically created in the security realm and this user is mapped to the role. The password for this user is password.
    • Use custom principal name. When you select this option, you must provide the name of a user or group. This principal is subsequently mapped to this application scoped role. However, the principal (that is, no user or group) itself is not automatically created; you must verify that the principal exist in the security realm.
    • Externally defined. When you select this option, you indicate that the role-principal mapping is defined elsewhere in the security realm as part of the global role-principal mapping. For more information, see An Overview of Role-Based Security.

When you add a new role to the Security Roles folder, this application-scoped role is declared in the application's application.xml file (located in the META-INF directory). The role-principal mapping (or the role with the <externally-defined/> element) is declared in the file weblogic-application.xml.

Related Topics

Creating Principals and Role-Principal Mappings

Role-Based Security