Monday, November 14, 2011

Oracle SOA BAM Security Configuration

Oracle SOA 11g BAM Security Configuration

  • This thread describes the Admin Functions for Oracle BAM.
  • Create a BAM user
  • Create Roles and Assign Permissions to Roles
  • Create Users & Groups and Assign Them to Roles.
 Setup Users and Groups in Weblogic Console
  • Login to Weblogic console http://hostmachine:portnumber/console; default port 7001
  • Click on Home->Security Realms->My Realm->Users and Groups. It is recommended to create a group in Weblogic Server for each BAM role.
  • Click on Users to create new users e.g. BAMUser1.
  • Assign the new user to Groups.
  • It is important to set the Username as Case Sensitive in Weblogic console.
  • Go to Security Realms->My Realm->Providers->Default Authenticator. Ensure that the flag that says"Use Retrieved User Name As Principal" is checked. By default this is checked.

Assign Users and Groups to Application Roles using Enterprise Manager
  •  EM manages the Application Policies for Oracle BAM. It is pre-configured with 4 roles for Oracle BAM application. Administrator: Has all the access; Report Architect:Has access to features for creating data objects and reports; Report Creator: Has access to features for creating reports; Report Viewer: Has access to features for viewing reports.
  • Login to Weblogic Enterprise Manager http://hostmachine:portnumber/em; default port 7001
  • Click on BAM->Oracle BAM Server
  • Right Click on Oracle BAM Server-> Security-> Application Policies
  • Click on the button with green arrow for Permission to view the pre-configured policies.
  •  Right Click on OracleBAMServer->Security->Application Roles
  • Click on the button with the green arrow for Role Name to view the pre-configured Roles.
  • Click on the RoleName e.g ReportViewer
  • Click on the green Plus sign Add Role under Members

  •  An Add Role Dialog Box will appear. Select the Group in the Role Type and click on the green arrow button.
  • This will show all the Groups created in the Weblogic Console.
  • Select the group that should be assigned to the role e.g. BAMReportViewer. Assign the individual user names by clicking the Add User (below Add Roles and under the Members)

Login to Oracle BAM Application

  • Oracle BAM is not aware of a user until the user logs in.
  • On initial log in, the application looks up the user in the configured security provider and synchronizes Oracle BAM's definition for that user with that of the configured security provider.
  • Login to Oracle BAM http://hostmachine:portnumber/OracleBAM ; default port 9001
  • The new user should have access to the featured as defined in the assigned role.

    Oracle SOA 12c: How To Create READ-ONLY Access To The JMS Messages For Monitor User

    Create a user who only can view the JMS Messages and can not create,  delete,  move or import JMS Messages, and can not monitor other resour...