Creating Groups/Roles in Weblogic 7.0

I've noticed something odd when dealing with Roles, but not sure if it's just me,
or a known issue.
I finally got Weblogic to authenticate users through Active Directory (woo hoo!).
I have a set of roles defined, but that's where the problem comes in.
I can't seem to add a group name to a role unless that group is defined in Weblogic.
Not only that, but if that group does not have a user assigned to it, I can't
add the group to the role.
I'd like to be able to create roles that are assigned groups from AD, not ones
defined in Weblogic. Is there a way to do this? I'd hate to have to create bogus
users and groups just to allow proper authentication and role assignment to occur.
If anyone has experienced this, or might know what I am doing wrong, I'd appreciate
the help.
Thanks!

Hi,
Please check the link
http://help.sap.com/saphelp_nw04s/helpdata/en/25/87273c3f2b3c7ce10000000a11402f/frameset.htm
Ramesh

Similar Messages

  • PostEvent to create OIM Roles based on AD groups

    Hi,
    we want to create a similar roles in OIM based on groups in AD.
    What would be the best way to create roles in OIM using the AD group recon or any other way using the group definition in AD? I'm looking for some guidance in doing this, either using a post-process event or any other method.
    Thanks Richard

    The other option is a scheduled task.
    1. use OOTB AD group lookup recon and reconcile all the AD groups in lookup.
    2. write a scheduled task using OIM API to create group/role in OIM
    a. get the lookup data into map
    b. loop through each record of the map
    c. use oim api to create group
    if (isGroupExists())
        group already exists
    else
        createGroup
    Role manager API --oim11g
    http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/toc.htm
    tcGroupOperationsIntf API ----oim 10g
    http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_903/doc_cd/javadocs/operations/Thor/API/Operations/tcGroupOperationsIntf.html

  • Creating Global Roles in 9.1 using WLST

    Hi,
    Did anyone try creating Global Roles in Weblogic 9.1 ?
    Since in Weblogic 9.1, the Authorizer and Role Mapper providers are XACML based, I am not sure if we can use WLST offline to create global roles.
    Can someone please shed some light on this.
    Thanks -agreddy

    As far as i know you could never create roles via WLST offline, only via WLST online.
    Thanks,
    -satya
    BEA Blog: http://dev2dev.bea.com/blog/sghattu/

  • How to create a DBA role in weblogic 11g

    Hi,
    How can I create a role that will have permissions to create, delete, test and configure Data sources and won't be able to do/touch anything else?
    Thanks,
    Vitaly

    Hi Vitaly
    No. This is NOT possible. Basically you want Edit/Modify privileges only for DataSources section. In high level, you can get like full access to all the areas which is Administrators. Or get Read Only access to all the areas like Monitors Group. Or just get Deployers who can only deploy. But you can get like access to only few areas in weblogic console. Below is just high level 3 important groups.
    Login into Weblogic Console -> Security Realms -> myrealm -> Groups tab and you can see list of groups that you can assign to any users.
    Administrators - Administrators can view and modify all resource attributes and start and stop servers.
    Deployers - Deployers can view all resource attributes and deploy applications.
    Monitors - Monitors can view and modify all resource attributes and perform operations not restricted by roles.
    Thanks
    Ravi Jegga

  • Creating group dynamically in active directory depending on their role

    Hi,
    I have sync oid and active directory using directory integration platform. Now the scenario is We have one system says hr system which take care of entering all the user information. Once it submit that information it goes to oid. Now we want that when we import all that user from oid to active directory it didn't duplicate any user as well as depending on their role it should create groups dynamically in active directory. For e.g: If user belong to Trainee category or manager category it must create Trainee group & Manager group & respective person should go into that group. I don't know whether my question is placed in right group or not. I am using filter to do this task but not able to write proper condition in "source matching filter" and "destination matching rule". Any help will be appreciated.
    Thanks,
    Sonya Sharma

    Thanks Tamim. To clear your thought, i will explain again. I have sync oid and active directory through Directory integration platform. I have created user in oid.(cn=users,dc=mycompany,dc=com). It get sync in active directory properly. Now i have created two group in active directory say for e.g Trainees and Manager. There is a field name position in oid which is a custom attribute. When i fill the information of user in oid, I have to fill "Position" attribute also. So my question is that, if i fill Trainee as a value in Position attribute and click on submit it should go in Trainee Group In active directory and not in user group. Same for manager. How can we achieve this? Can we do it through filter? Or any other way? It's needed desperately. Please help me in resolving this issue.
    Regards,
    Sunil

  • How to create/get user & role in Weblogic 9.2 programmatically?

    Hi,
    I am new to Weblogic 9.
    I need to create a web service to manage user/role in WebLogic 9.
    Searching thru the web and found some classes like:
    AtnSecurityMgmtHelper, AtnProviderDescription etc
    Are those the correct classes to create/retrieve user & role?
    If so, what jar file contains those classes and where is the jar
    file?
    Thanks in advance,
    Terry

    You can do it with WLST help
    http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019913
    or via JMX through http://e-docs.bea.com/wls/docs92/javadocs/weblogic/management/security/authentication/UserEditorMBean.html and such

  • Create , delete "security roles" in weblogic console - sample Security providers

    Hi Everyone:
    Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
    those sample Security Provider , the author of codes used property files as
    Security Providers Database, however he/she didn't show how to create a
    Manageable Sample Role Mapping Provider or Manageable Sample Authentication
    Provider, so Administrator of weblogic console can create and delete
    "security roles" in weblogic console.
    Have anyone known how to do that?
    Ming Qin

    "ming qin" <[email protected]> wrote in message news:[email protected]..
    Hi Everyone:
    Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
    those sample Security Provider , the author of codes used property files as
    Security Providers Database, however he/she didn't show how to create a
    Manageable Sample Role Mapping Provider or Manageable Sample Authentication
    Provider, so Administrator of weblogic console can create and delete
    "security roles" in weblogic console.
    Have anyone known how to do that?
    I would ask in the weblogic.developer.interest.management.console newsgroup.
    >
    Ming Qin

  • LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

    I have 2 questions and these are very urgent :-
    1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
    2 groups in iPlanet :- Contractors and employees and I have 2 security roles in weblogic:-
    contractors and employees. How do I map LDAP group contractors to weblogic security
    Role contractors? Similarly for employees ?
    2. I have not defined contractors and employees under People container in iPlanet.
    e.g. The RDN for contractor is
    uid=1234,ou=dir,dc=orams,dc=com
    Can I still use the default security realm of weblogic (the WebLogic Security Realm
    under People ) OR I have to write my own custom code ?
    3. I am planning to use Roles instead of groups to manage the logical grouping in
    iPlanet. Can I still use the groups in WebLogic security realm ( in the configuration
    parameters ?)
    This is very urgent ....so if any of you can throw any hints that will be greatly
    appreciated.
    --Sunita

    Hi Ariel,
    The driver is bundled with the product in WLS 6.1sp1. you don't have to
    download any additional driver. Use it as you normally would only thing to
    remember is if you are trying to write standalone java code then you have to
    have weblogic.jar in your classpath. For the rest of the info follow the wls
    docs for 6.1
    HTH
    sree
    "Ariel" <[email protected]> wrote in message
    news:3bb4a643$[email protected]..
    We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
    downloaded the JDriver from bea.com, but all the instructions that came with
    it are for WLserver 5.1.
    What has to be done to do this with 6.1 sp1?
    Thanks,
    Ariel

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
    or is there any ant script for creating USers/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    ..e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • Groups/Roles ACI Procedures for Creating Accounts

    Hello;
    I am trying to  determine the steps I need to perform in order to create a group/role, under "Groups"; "Groups" does not yet exist inside of my directory.
    Inside of "Groups", I wish to create a container named "UserAdmins",  for which users I make as members would be capable of creating accounts for other users.
    In my current environment, in order to create user accounts, admins must be able to add/modify entries in:
    1. People
    2. group
    3. auto.home
    4. aliases
    My questions, given the information below is:
    A. Do my ACI's seem sound for my purposes?
    B. How do I create a second ACI, similar to UserAdmins, but with the  added ability of "deleting" entries as well as add and modify? (say called "SuperUserAdmins").
    -----Create Groups---------------------
    dn: ou=Groups, dc=sub,dc=domain,dc=com
    objectclass: top
    objectclass: organizationalunit
    ou: Groups
    -----UserAdmins.aci--------------------
    aci: (target="ldap:///dc=sub,dc=domain,dc=com") (targetattr =
      "*")(version 3.0; acl "allow all Admin group"; allow(all) groupdn =
      "ldap:///cn=UserAdmins,ou=Groups,dc=sub,dc=domain,dc=com";)
    dn: ou=Groups, dc=sub,dc=domain,dc=com
    objectclass: top
    objectclass: organizationalunit
    ou: Groups
    ------Initial add of Members to UserAdmins--------
    dn: cn=UserAdmins, ou=Groups, dc=sub,dc=domain,dc=com
    cn: UserAdmins
    objectclass: top
    objectclass: groupofuniquenames
    ou: Groups
    uniquemember: uid=smitha, ou=People, dc=sub,dc=domain,dc=com
    uniquemember: uid=youngt, ou=People, dc=sub,dc=domain,dc=com
    uniquemember: uid=weizerb, ou=People, dc=sub,dc=domain,dc=com

    The last field is for the attribute to delegate. You can read about it here: https://technet.microsoft.com/en-us/library/cc772662%28v=ws.10%29.aspx
    You can also refer to this for updating AdminSDHolder container: http://social.technet.microsoft.com/wiki/contents/articles/22331.adminsdholder-protected-groups-and-security-descriptor-propagator.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Weblogic.Admin tool and creating groups/users

    Hi All,
    This is newbie question. How do I use the weblogic.Admin tool to create
    a user.
    I tried to INVOKE the UserEditorMBean.createUser method using the
    Admin tool and got "No MBeans found"
    Could somebody please give me an example?
    Regards,
    Tony

    "Tony Nathan" <[email protected]> wrote in message
    news:[email protected]..
    Hi All,
    This is newbie question. How do I use the weblogic.Admin tool to create
    a user.
    java weblogic.Admin -username weblogic -password weblogic -url
    http://localhost:7001 INVOKE -mbean
    Security:Name=myrealmDefaultAuthenticator -method createUser testusername
    testpassword testpassword

  • Can't create Application Role in Obiee 11g Enterprise Manager

    Hi All,
    I was working on obiee11g enterprise manager. I created some of the groups in weblogic console. Now I wanted to create application roles in enterprise manager for those groups. I am surprised that, the "*Create*" button is inactive on the application role page of enterprise manager. I could only see the active ones "*Create Like*", "*Edit*" and "*Delete*".
    Please assist, should I need any additional configuration for the same. Urgent!!
    Thank you in advance,
    BK.

    Click on Create Like button
    Then click cancel on the Create Like dialog box
    Go back to the Create button, it now works
    But if you log out and log back in, the Create button is disabled again
    so may repeat the above process of accessing the 'Create Like' button first to enable the Create button
    < Bug:13983399> CREATE BUTTON IS DISABLED IN FUSION MIDDLEWARE CONTROL IN OBIEE 11.1.1.6.0 ENV
    Please mark helpful or correct if answered.
    Thanks,
    - A.Y

  • Novell LDAP Group - Role

    Hi,
    I have created a Novell LDAP Group. In my realm I have now two authentication
    providers: default and novell, both optional. If I authenticate my user which
    is stored in the novell ldap the user is correctly authenticated (request.getRemoteUser()
    != null), although the log says user denied (no matter if the user is in the embedded
    ldap or the novell, but maybe the other one always complains). (novell user gets
    rejected if password is wrong)
    For a novell group i create a role with the condition: caller is a member of the
    group "novell group" this seems not to work. with request.isUserInRole("novell
    group") i get "false" !!
    any ideas??
    regards
    tobias

    found my mistake. i created a role in the weblogic console which i also have defined
    in the web.xml. then i also need to assign this role to the principal (my group)
    in the weblogic.xml.
    if i have a role not defined in the web.xml the request.isUserInRole(<RoleName>)
    works fine, but not in the above described case without assignment in the weblogic.xml.
    "Tobias Voigt" <[email protected]> wrote:
    >
    Actually groups are also configured correctly as it seems for me. On
    the group
    page, the ldap group is also listed (in the provider column it says NovellAuthenticator).
    Also if i look at the output of weblogic.security.Security.getCurrentSubject()
    the LDAP group is also listed as a Principal.
    weblogic.security.SubjectUtils.isUserInGroup(<Subject>,<LDAPGroup>) says
    true.
    but request.isUserInRole(<Role for Members in LDAPGroup>) says false.
    (Btw: Weblogic 8.1 sp1)
    "tm" <no-reply> wrote:
    Hi Tobias,
    It sounds like you can successfully use users
    in your Novell LDAP server but you cannot
    successfully use groups from the LDAP server.
    (ie. when you login, it's finding the user, but it
    isn't finding the user's groups thus the role isn't working).
    I'm assuming that you have configured a NovellAuthenticator.
    You must configure the NovellAuthenticator to tell
    how groups are stored in your Novell LDAP server
    (ie. tell it about the group schema). If this is not
    correctly configured, then groups won't work.
    See http://e-docs.bea.com/wls/docs81/secmanage/providers.html#1172008
    for more information on configuring group schemas for LDAP authentication
    providers.
    -tm
    "Tobias Voigt" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    I have created a Novell LDAP Group. In my realm I have now two authentication
    providers: default and novell, both optional. If I authenticate my user which
    is stored in the novell ldap the user is correctly authenticated (request.getRemoteUser()
    != null), although the log says user denied (no matter if the user is in the embedded
    ldap or the novell, but maybe the other one always complains). (novell user gets
    rejected if password is wrong)
    For a novell group i create a role with the condition: caller is a member of the
    group "novell group" this seems not to work. with request.isUserInRole("novell
    group") i get "false" !!
    any ideas??
    regards
    tobias
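
The fix reported in this thread (a role declared in web.xml also needs a principal assigned to it in weblogic.xml) can be checked before deployment. The following is an added example, not code from the thread or from WebLogic: it reads the two descriptors, lists roles that have no `security-role-assignment`, and models the role check in a simplified way. The descriptor contents, the role names `ReportViewer` and `Auditor`, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (placeholders, not taken from the thread).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ReportViewer</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>ReportViewer</role-name></security-role>
  <security-role><role-name>Auditor</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>ReportViewer</role-name>
    <principal-name>novell group</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _local(tag):
    """Drop an XML namespace so namespaced (newer) descriptors parse the same way."""
    return tag.rsplit("}", 1)[-1]


def _find_all(elem, name):
    """All descendants of elem whose local tag name equals name."""
    return [c for c in elem.iter() if _local(c.tag) == name]


def declared_roles(web_xml):
    """Role names declared through <security-role> in web.xml."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for sr in _find_all(root, "security-role")
            for r in _find_all(sr, "role-name") if r.text}


def role_assignments(weblogic_xml):
    """Map role name -> set of principals from <security-role-assignment>."""
    root = ET.fromstring(weblogic_xml)
    mapping = {}
    for sra in _find_all(root, "security-role-assignment"):
        principals = {p.text.strip() for p in _find_all(sra, "principal-name") if p.text}
        for role in _find_all(sra, "role-name"):
            if role.text:
                mapping.setdefault(role.text.strip(), set()).update(principals)
    return mapping


def unmapped_roles(web_xml, weblogic_xml):
    """Roles declared in web.xml that no principal is assigned to in weblogic.xml."""
    mapping = role_assignments(weblogic_xml)
    return sorted(r for r in declared_roles(web_xml) if not mapping.get(r))


def is_in_role(role, caller_principals, weblogic_xml):
    """Simplified model (an assumption, not the server's logic): the caller is in
    the role if its user name or one of its groups is mapped to that role."""
    return bool(role_assignments(weblogic_xml).get(role, set()) & set(caller_principals))
```

A role reported by `unmapped_roles` is one for which `request.isUserInRole` would be expected to return false for every caller, which matches the symptom described above.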

  • How to use security roles in Weblogic server?

    Hello Gurus,
    I am new to Weblogic server and I am trying to investigate how to make
    use of security roles in weblogic server (5.1.0). Can anyone point me
    to some documentation. Specifically, I am looking for instance level,
    and method level security and how to use it.
    Thanks for taking your time to read this e-mail.
    Thank You all in advance,
    Hari.

    You should read the security information in the Servlet 2.2 specification
    that WL 5.1 implements:
    http://java.sun.com/products/servlet/download.html
    Chapter 11 deals with declarative and programmatic security, and includes a
    section on roles:
    11.4 Roles
    A role is an abstract logical grouping of users that is defined by the
    Application Developer or
    Assembler. When the application is deployed, these roles are mapped by a
    Deployer to security
    identities, such as principals or groups, in the runtime environment.
    A servlet container enforces declarative or programmatic security for the
    principal associated with
    an incoming request based on the security attributes of that calling
    principal. For example,
    1. When a deployer has mapped a security role to a user group in the
    operational environment. The
    user group to which the calling principal belongs is retrieved from its
    security attributes. If the
    principal's user group matches the user group in the operational environment
    that the security
    role has been mapped to, the principal is in the security role.
    2. When a deployer has mapped a security role to a principal name in a
    security policy domain, the
    principal name of the calling principal is retrieved from its security
    attributes. If the principal is
    the same as the principal to which the security role was mapped, the calling
    principal is in the
    security role.
    Cameron Purdy
    http://www.tangosol.com
    "Hari" <[email protected]> wrote in message
    news:[email protected]..
    Hello Gurus,
    I am new to Weblogic server and I am trying to investigate how to make
    use of security roles in weblogic server (5.1.0). Can anyone point me
    to some documentation. Specifically, I am looking for instance level,
    and method level security and how to use it.
    Thanks for taking your time to read this e-mail.
    Thank You all in advance,
    Hari.

  • Creating a role for t.code FBL1N

    Hi All,
    Creating a role (PFCG), I've to assign the t.code FBL1N only.
    In this role and for the t.code FBL1N, I've to exclude a certain Vendor Account Group.
    Could anyone help me?
    Thanks

    Hi ,
    For the task that you want to perform .
    First of all have a basic idea of how the authorization objects pertaining to a T code are checked, go to T code SU24 and give the input transaction as FBL1N and execute. There you will find the list of all the authorization objects that would be available for FBL1N.
    Go through their documentation and understand the behaviour.
    Secondly, in case of FBL1N you cannot restrict based on account group at the granular level you can control on document type authorization group F_BKPF_BLA.
    For creating a role go to t code PFCG, create a role, assign the t code, provide the authorization values, generate the role and assign the role to the user ID that you want to assign it to.
    Hope this helps .
    Regards ,
    Dewang T .
