Fusion Middleware - Application Role


1 - About

A Fusion Middleware application uses a role-based access control model. Security is defined in terms of application roles that are mapped to directory server groups and users.

The mapping is done in the application role definition.

Example of mapping between Directory Server Group/User and OBIEE Application Role:

| Directory Server Group and User | Application Role Name | Application Role and User Permission |
|---|---|---|
| User1, User2, User3 | BIConsumer | access reports |
| User4, User5 | BIAuthor | create reports |
| User6, User7 | BIAdministrator | manage repositories |

An Application role can contain:

  • other application roles,
  • groups,
  • or individual users.

The application role data are stored in the policy store.


3 - Management

3.1 - Web Interface

Note:

  • The application roles in the policy store are retrieved by the application (for instance Oracle BI Server) when it starts.

3.2 - XML Policy Store

Extract from the XML file that stores the policy store:

<?xml version='1.0' encoding='utf-8'?>
<jazn-data>
    <jazn-realm>
    </jazn-realm>
    <policy-store>
        <applications>
            <application locale="en_US">
                <!-- The application stripe -->
                <name>obi</name>
                <!-- The application roles -->
                <app-roles>
                    <app-role>
                        <name>BISystem</name>
                        <display-name>BI System Role</display-name>
                        <guid>DE4C58507EE611E3BF4F91CA9C3BA5FC</guid>
                        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                        <members>
                            <!-- The members -->
                            <member>
                                <class>weblogic.security.principal.WLSUserImpl</class>
                                <name>BISystemUser</name>
                            </member>
                        </members>
                    </app-role>
 ................

The application's principal and role classes are Oracle Platform Security Services class names.

3.3 - WLST Scripting

With the OPSS WLST commands:

listAppStripes(regularExpression="obi*")
 
listAppRoles(appStripe="obi")

4 - Application

4.1 - OBIEE

In OBIEE, you can see the application roles with the ROLES system session variable:

@{biServer.variables['NQ_SESSION.ROLES']}

5 - Documentation / Reference

weblogic/application_role.txt · Last modified: 2018/09/10 15:30 by gerardnico