Customers often ask about how to give certain people limited access to Enterprise Manager, often they talk about ‘read only’ access. Enterprise Manager does in fact have three roles defined out-of-the-box that provide various levels of access. You can see details of exactly what each can do in the documentation here.
Setting up a new user and giving them one of these limited access roles is pretty easy. In this post, I review the steps for setting up role-based access to Enterprise Manager.
First, we need to create the new user. If you are using an LDAP server or Active Directory, etc., then you will probably want to go and create the user in those tools. Otherwise, you can do it from the WebLogic Server console. Go to the Security Realms option in the navigation menu on the left, then open your realm and then the Users and Groups tab and then the Groups sub-tab. You will see there is a group called Monitors. We will use this one for our example.
Go to the Users sub-tab and click on the New button. Enter a user name and password, as shown below and then click on OK. I called my new user monitor.
Go back to the Users sub-tab again, and click on your new user in the list, then open the Groups tab for that user. Find the Monitors group in the list of Available groups on the left, and click on the little blue right arrow to add it to the Chosen groups on the right. Then click on Save.
That’s enough to give our new user limited access to the WebLogic console. You can log in with that user now and try it out!
If you also want to give them limited access to the Enterprise Manager, we need to assign one more role to them. Log on to Enterprise Manager as an administrative user. Navigate to the WebLogic domain in the navigation tree on the left. When the domain is displayed on the right hand side, open the menu at the top and choose Security and then Application Roles.
In the Select Application Slice to Search select soa-infra and then click on the little green arrow in a blue circle button to do a search. You should see in the list a role called SOAMonitor. Click on that role.
Then click on the Add User button. In the popup dialog, search for your new user and click on the little blue arrow to move them to the Selected Users box, as shown below. Click on OK and then OK again.
Now you can log on to Enterprise Manager using your new user. Notice that you have limited access. For example, on the Composite page, you only get the test option…
… whereas an administrative user gets several other options too:
So there you go, an easy way to give users limited access to the WebLogic console and Enterprise Manager. Be sure to check the documentation link at the top of this post to see what these user are and are not able to do.