Security roles can be defined globally or can be scoped to a particular
resource, such as a web service, an EJB, or an application. This topic describe
how to create an application-scoped security role. For more information on
security roles, see Role-Based
Security.
To Define an Application-Scoped Role
In the
Application tab, right-click the
Security
Roles folder. The
New Security Role dialog appears.

- In the Name field, enter the name of the security role.
- (Optional.) Enter a description of the security role.
- To map the role to a principal, you have the following options:
- Use role name. When you select this option, a user
with the same name as the security role is automatically created in
the security realm and this user is mapped to the role. The password
for this user is password.
- Use custom principal name. When you select this
option, you must provide the name of a user or group. This principal
is subsequently mapped to this application scoped role. However, the
principal (that is, no user or group) itself is not automatically created;
you must verify that the principal exist in the security realm.
- Externally defined. When you select this option,
you indicate that the role-principal mapping is defined elsewhere in
the security realm as part of the global role-principal mapping. For
more information, see An
Overview of Role-Based Security.
When you add a new role to the Security Roles folder, this application-scoped
role is declared in the application's application.xml
file (located in the META-INF directory). The role-principal mapping
(or the role with the <externally-defined/> element) is declared in the
file weblogic-application.xml.
Related Topics
Creating Principals and Role-Principal Mappings
Role-Based Security