To create a user login to the Oracle WebLogic Remote Console:

1. Log in to the Oracle WebLogic Remote Console, and click Security in the left pane and then select Realms.
2. On the Summary of Security Realms page, select the name of the realm.
3. In Realm, select Authentication Providers, and then select DefaultAuthenticator.
4. Further, select Users.
5. Click New.
6. In the Name field of the Create New User page enter a unique name for the user.
7. (Optional) In the Description field, enter a description. The description might be the user's full name.
8. In the Provider drop-down list, select DefaultAuthenticator.
9. In the Password field, enter a password for the new user, then reenter the password in the Confirm Password field.
10. Click OK.

For more information about how to create roles, add users to groups, and secure resources with roles and policies in Oracle WebLogic Server, see Users, Groups, and Security Roles in Securing Resources Using Roles and Policies for Oracle WebLogic Server.

To assign a WebLogic Server role to a user:, add the user to a group:

1. In the WebLogic Server Administration Control Console Users table, select the user you want to add to a group.
2. On the Settings for User Name page, select Groups.
3. Select a group from the Available list box.

   Some of the default groups available in WebLogic Server are:

   Group Name	Membership
   Administrators	By default, this group contains the user information entered as part of the installation process (that is, the Configuration Wizard), and the system user if the WebLogic Server instance is running Compatibility security. Any user assigned to the Administrators group is granted the Admin security role by default.
   Deployers	By default, this group is empty. Any user assigned to the Deployers group is granted the Deployer security role by default.
   Operators	By default, this group is empty. Any user assigned to the Operators group is granted the Operator security role by default.
   Monitors	By default, this group is empty. Any user assigned to the Monitors group is granted the Monitor security role by default.
   AppTesters	By default, this group is empty. Any user assigned to the AppTesters group is granted the AppTester security role by default.
   CrossDomainConnectors	By default, this group is empty. Any user assigned to the CrossDomainConnectors group is granted the CrossDomainConnector security role by default.
   AdminChannelUsers	By default, this group is empty. Any user assigned to the AdminChannelUsers group is granted the AdminChannelUser security role by default

4. Click Save.

A user can be assigned an application-level role (such as SOAMonitor) or a folder-specific role (for example, default_Monitor for the default folder).

To assign a SOA role to a user, use Oracle Enterprise Manager Fusion Middleware Control:

1. Log in to Oracle Enterprise Manager Fusion Middleware Control as an Administrator.
2. From the SOA Infrastructure menu, select Security, then Application Roles.
3. In the list, select the role that you want to grant to the user and click Edit.

   The following screenshot shows the available SOA roles. By assigning a user to one of these roles, the user has the associated permissions for all of the folders and partitions in the SOA application.

   
4. In the Edit Application Role page, click Add.
5. In the Add Principal dialog, from the Type list, and select User.
6. In the Principal Name list, select the user and click OK.

   The selected user is given the selected role.

   

You can customize permissions associated with a particular role or user by managing application policies.

To customize role permissions:

1. Log in to Oracle Enterprise Manager Fusion Middleware Control as an Administrator.
2. From the SOA Infrastructure menu, select Security, then Application Policies.
3. In the list, select the row showing the user and role for which you want to customize permissions and click Edit.
4. In the Edit Application Grant page, click Edit and edit the permissions as required.

   The following table lists the permissions for the default roles in Oracle Enterprise Manager. Note that these roles can be altered or new roles can be created with required permissions.

   Role	CompositePermission	SOAPlatformPermission	InstancePermission
   SOAMonitor	read, read-alerts on all folders/partitions	read	monitor, read-payload
   SOAOperator	read, write, provision, lifecycle, read-alerts, manage-alerts	read, write-shared-data, read-shared-data	change-state, monitor, manage-fault, read-payload, test
   SOADesigner	read, write, provision	read, write-shared-data, read-shared-data	N/A
   SOAAdmin	All	All	All

   where

   • CompositePermission represents permissions to invoke an operation on composites. Permissions include:
     • read - read-only actions, including:
       • view composite configuration
       • get default version
       • get composite metadata (export_composite, export_updates, and so on)
       • list deployed composites for a partition
     • write - actions resulting in modifications of composites, including:
       • import updates
     • provision - actions resulting in composite provisions, including:
       • deploy
       • undeploy
       • delete a SOA partition, removing all composites for that partition as a result
     • lifecycle - actions resulting in composite lifecycle state changes, including:
       • start
       • stop
       • activate
       • retire
       • assign default version
     • read-alerts - read all forms of alerts/notifications on configuration actions
     • manage-alerts - manage all forms of alerts/notifications on configuration actions
   • SOAPlatformPermission represents access to configuration operations on SOA server, including viewing and updating the server URL, logging, auditing, and so on. Permissions include:
     • read - view SOA server configuration.
     • write - modify SOA server configuration.
     • write-shared-data - deploy/remove shared composite resources.
     • read-shared-data - export shared composite resources.
   • InstancePermission represents permissions to invoke SOA runt ime operations such as audit trails and fault recovery. Permissions include:
     • monitor - read access to composite instances, including actions such as getNumberOfFaults, getNumberOfCompositeInstances, getNumberOfFaultInstances, getCompositeInstances, getComponentSnapshot, getAuditFlow, getSensorData, and so on.
     • read-payload - along with monitor permission, provides additional ability to view the payload of the run time instances.
     • change-state - access to instance state change actions including:
       • suspend a flow
       • resume a flow
     • manage-fault - access to fault management actions including:
       • recover a fault
       • abort instances
     • delete - ability to delete or purge composite instances and delete rejected messages.
     • modify-payload - along with change-state, provides additional ability to modify payload.
     • migrate - access to composite migration actions.
     • test - access to composite test methods.
5. Click OK.

The following examples show permissions required to access certain functionality in Oracle Enterprise Manager Fusion Middleware Control.

For information about managing SOA folders, see Managing SOA Folders.

To assign a SOA folder role to a user:

1. Log in to Oracle Enterprise Manager Fusion Middleware Control as an Administrator.
2. From the SOA Infrastructure menu, select Security, then Application Roles.
3. In the list, select the required role that you want to assign to the user and click Edit.

   Folder-based roles are named using the convention folder-name_folder-role. For example, some of the roles available for folder test may be as shown here:

   
4. In the Edit Application Role page, click Add.
5. In the Add Principal dialog, from the Type list, select User.
6. In the Principal Name list, select the user and click OK.

   The selected user is granted the permissions associated with the selected folder role.