Wednesday, March 6, 2019

Oracle SOA 12c: How To Create READ-ONLY Access To The JMS Messages For Monitor User

Create a user who can only view JMS messages and cannot create, delete, move, or import them, and who cannot monitor other resources.

The following are the steps to allow Non Admin role users to monitor JMS resources:

1. In the left pane, select Security Realm.
2. Select <your_realm_name>.
3. In the "Configuration" tab, check "Use Authorization Providers to Protect JMX Access", click Save, and then activate changes.
4. Restart the server.
5. In the left pane, select Security Realm.
6. Select <your_realm_name>.
7. Go to "Users and Groups".
8. In users, create a new user (for example, "jmsmonitor").
9. Add the user to the "Monitors" group:
    a. Select <your_realm_name>.
    b. Select "Users and Groups".
    c. Click on the user name, and in the right pane select "Groups".
    d. From "Parent Groups", select "Monitors" and click the right-pointing arrow.
10. Go to "Roles and Policies" -> "Realm Policies".
11. In Policy table, select "JMX Policy Editor".
12. Select "Global Scope", click next.
13. From MBean Types, select "weblogic.management.runtime"
14. Select "JMSDestinationRuntimeMBean", click next.
15. In Attributes and Operations, expand "Operations: Permission to Invoke".
16. Select "getCursorEndPosition" operation.
17. Click on the "Create Policy" button.
18. Click on "Add Condition", select "User" in "Predicate List", click Next, type the User Argument Name (jmsmonitor), and click Add. Click "Finish".
19. Click on "Add Condition", select "Role" in "Predicate List", click Next, type the Role Argument Name (Admin), and click Add. Click "Finish".
20. Select "Or" between Role:Admin and User:jmsmonitor and click "Save".
21. Repeat steps 10~19 to set the following operations:
    a. getCursorSize
    b. getCursorStartPosition
    c. getItems
    d. getMessage
    e. getMessages
    f. getNext
    g. getPrevious
    h. sort

22. Log out as the weblogic user and log in as the new user.
23. Go to the created module and click on the created queue.
24. Click on the Monitoring tab.
25. Select the check box associated with the queue and then click the Show Message button.
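
The same check can be scripted from WLST once the policies are saved. This is an added example, not part of the original post: it confirms that the restricted user can browse a queue and that a mutating operation (deleteMessages) is refused. The server, JMS server, module and queue names in `DEST_PATH` are placeholder assumptions.

```python
# Added example: run under WLST (wlst.sh check_jms_readonly.py) and log in as
# the restricted user. Server, JMS server, module and queue names in DEST_PATH
# are placeholders (assumptions); replace them with your own.
import sys

DEST_PATH = ("ServerRuntimes/soa_server1/JMSRuntime/soa_server1.jms"
             "/JMSServers/MyJMSServer/Destinations/MyModule!MyQueue")
# Valid selector that matches no message: if the delete is wrongly permitted,
# nothing is removed from the queue.
NO_MATCH = "JMSCorrelationID = '__policy_probe_no_match__'"

def attempt(call):
    """Invoke one MBean operation; return (allowed, result_or_error_text)."""
    try:
        return (True, call())
    except:  # bare except also catches Java exceptions under Jython
        return (False, str(sys.exc_info()[1]))

def check_read_only(dest):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    # 60 s cursor timeout: closeCursor is not among the operations granted
    # above, so the cursor is left to expire on its own.
    ok, cursor = attempt(lambda: dest.getMessages("", 60))
    if not ok:
        findings.append("getMessages denied: " + cursor)
    else:
        ok, detail = attempt(lambda: dest.getCursorSize(cursor))
        if not ok:
            findings.append("getCursorSize denied: " + detail)
    ok, detail = attempt(lambda: dest.deleteMessages(NO_MATCH))
    if ok:
        findings.append("deleteMessages was PERMITTED for this user")
    return findings

if __name__ == "main":  # WLST runs scripts with __name__ set to "main"
    connect()           # prompts for user (jmsmonitor), password and URL
    domainRuntime()
    cd(DEST_PATH)
    problems = check_read_only(cmo)
    for p in problems:
        print("FAIL: " + p)
    if not problems:
        print("OK: browse allowed, delete denied")
    disconnect()
```

Any `FAIL` line means the JMX policies do not match the intent of the steps above and should be reviewed before the account is handed out.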
