Understanding authorization policies
Oracle SOA Suite 11g uses a policy-based authorization mechanism to determine
which permissions a user has when accessing infrastructure resources. Users or
groups are mapped to an application role, which is a virtual group defined in a
centralized policy store and used to access protected application server
resources. Application roles provide authorization by decoupling your
application-level permissions from the principals defined in identity stores:
any change to users or groups in the backend store is automatically reflected
in their permissions when they access protected resources. Oracle SOA Suite 11g
defines a set of predefined application roles in its default policy store, which
is file-based and available in the
$DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml file. The definition of one
such application role, SOADesigner, is shown in the following code snippet:
<app-role>
  <name>SOADesigner</name>
  <display-name>SOA Designer</display-name>
  <description>SOA Designer</description>
  <guid>81F7F169651A11E0AF6A79660AB4F93C</guid>
  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
  <members>
    <member>
      <class>weblogic.security.principal.WLSGroupImpl</class>
      <name>Administrators</name>
    </member>
    <member>
      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
      <name>SOAAdmin</name>
      <guid>81F7F160651A11E0AF6A79660AB4F93C</guid>
    </member>
    <member>
      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
      <name>BPMWorkflowAdmin</name>
      <guid>81F7F165651A11E0AF6A79660AB4F93C</guid>
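
Because an application role can list other application roles as members, the users and groups that effectively hold a role are not all visible in its own <members> block. The following added example (not from the original text and not Oracle tooling) resolves nested roles down to identity-store principals for an access review. The <app-roles> wrapper, the soa_ops user, the WorkflowAdmins group and the members of SOAAdmin and BPMWorkflowAdmin are constructed for illustration.

```python
import xml.etree.ElementTree as ET

APP_ROLE = "oracle.security.jps.service.policystore.ApplicationRole"
# Constructed sample, not a real policy store. SOADesigner mirrors the members
# visible in the snippet above; other members and the role cycle are invented.
SAMPLE = """<app-roles>
 <app-role><name>SOADesigner</name><members>
  <member><class>weblogic.security.principal.WLSGroupImpl</class><name>Administrators</name></member>
  <member><class>oracle.security.jps.service.policystore.ApplicationRole</class><name>SOAAdmin</name></member>
  <member><class>oracle.security.jps.service.policystore.ApplicationRole</class><name>BPMWorkflowAdmin</name></member>
 </members></app-role>
 <app-role><name>SOAAdmin</name><members>
  <member><class>weblogic.security.principal.WLSGroupImpl</class><name>Administrators</name></member>
  <member><class>weblogic.security.principal.WLSUserImpl</class><name>soa_ops</name></member>
 </members></app-role>
 <app-role><name>BPMWorkflowAdmin</name><members>
  <member><class>weblogic.security.principal.WLSGroupImpl</class><name>WorkflowAdmins</name></member>
  <member><class>oracle.security.jps.service.policystore.ApplicationRole</class><name>SOADesigner</name></member>
 </members></app-role>
</app-roles>"""


def load_roles(xml_text):
    """Map role name -> list of (member class, member name) for every <app-role>."""
    roles = {}
    for role in ET.fromstring(xml_text).iter("app-role"):
        members = [("".join((m.findtext("class") or "").split()),  # drop stray whitespace
                    (m.findtext("name") or "").strip())
                   for m in role.iterfind("members/member")]
        roles[role.findtext("name").strip()] = members
    return roles


def effective_principals(roles, role_name, _seen=None):
    """Identity-store users/groups holding role_name directly or via nested app roles."""
    seen = _seen if _seen is not None else set()
    if role_name in seen:          # cycle, or role already expanded on another path
        return set()
    seen.add(role_name)
    found = set()
    for cls, name in roles.get(role_name, []):
        if cls == APP_ROLE:        # nested application role: expand its members
            found |= effective_principals(roles, name, seen)
        else:                      # WLSGroupImpl / WLSUserImpl from the identity store
            found.add((cls.rsplit(".", 1)[-1], name))
    return found


if __name__ == "__main__":
    print(sorted(effective_principals(load_roles(SAMPLE), "SOADesigner")))
```

To review a real domain, pass the contents of system-jazn-data.xml to load_roles in place of SAMPLE; role names are matched across the whole file, so roles with the same name in different application stripes would need to be separated first.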