</member>
</members>
</app-role>
Notice that the SOADesigner role contains preconfigured groups, defined in the server by default, such as Administrators, SOAAdmin, and BPMWorkflowAdmin, and implements the oracle.security.jps.service.policystore.ApplicationRole class.
Principals available in an identity or a directory server, such as existing organizational users and groups, can be added to either the logical groups associated
figuring and Administering Oracle SOA Suite 11g described how to configure an external LDAP server and map real users to application roles.
Apart from application roles, the system-jazn-data.xml file also contains application policies, which are Java Authentication and Authorization Service (JAAS) based policies that define mapping rules between principals (users, groups, or application roles) and permissions for accessing protected resources. Policies registered in the policy store determine the permissions granted to application roles. Observe the following snippet from system-jazn-data.xml, illustrating how a default application role, that is, SOAOperator, is granted the soadeploy permission to deploy composites to the infrastructure:
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>SOAOperator</name>
<guid>81F7F161651A11E0AF6A79660AB4F93C</guid>
</principal>
</principals>
</grantee>
<permissions>
<permission>