WebLogic Server 6.x security is designed around simple incremental building blocks. The administrator first creates a user and assigns that user to one or more groups. The groups, in turn, have privileges associated with them in the form of Access Control Lists, or ACLs.

Users

The user is the fundamental unit of access control in WebLogic Server 6.x. Users have only two attributes: their name and their password. This means that after users are created, about the only thing you can do with them is change their password or delete them entirely. Both of these tasks are accomplished from the Security folder in the Administration console. To perform user administration:
WebLogic Server 6.x provides two users of particular importance. The first is the system user, which is the account used to start and stop the server. The second is the guest user, which is an anonymous account used by the system when authorization is not required.

Tip: You can tighten security considerably by disabling the guest user account.

Groups

A group is a collection of users treated as a single unit for administrative purposes. WebLogic Server ships with only two groups already created:
You will probably find it convenient to create your own groups. A group is created by clicking on the Groups icon under Security, then clicking "Create a new Group." Users can be added one at a time or in a comma-separated list. Note that groups can also be added to other groups. To remove a user from a group, first bring up the group, then click on the checkbox next to the user you want to remove. Click Apply to remove the user.

ACL

An Access Control List, or ACL, is the mechanism the system uses to determine whether a user can access a system resource. ACLs are associated with a resource and consist of lists of users or groups and the permissions granted to them. The server comes preconfigured with three ACLs:
It is also possible [1] to define your own access control lists. This is done by clicking the ACL under the Security icon. The access control list has two properties:
Access control lists can be defined for the following resource types:
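Because groups can contain other groups, the set of users an ACL really grants access to is not visible from the ACL entry alone. The following added example (not from the original text and not WebLogic code) models the user, group and ACL scheme described above and flattens nested groups to audit effective access. All group names, resource names and permissions are constructed, and treating a disabled account as simply removed from every result is an assumption of the model.

```python
# Toy model of the user / group / ACL scheme; every name below is constructed.

# Group -> members. A member may be a user or another group.
GROUPS = {
    "operators": {"alice", "deployers"},
    "deployers": {"bob", "operators"},   # deliberate cycle: must not loop forever
    "auditors": {"carol"},
}
# Resource -> permission -> principals (users or groups) granted it.
ACLS = {
    "example.resource.pool": {"reserve": {"operators"}, "admin": {"alice"}},
    "example.resource.queue": {"send": {"auditors", "guest"}},
}

def expand(principal, groups, seen=None):
    """Return the users a principal resolves to, following nested groups."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}               # a plain user
    if principal in seen:
        return set()                     # group already visited: break the cycle
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def effective_users(resource, permission, acls=ACLS, groups=GROUPS, disabled=()):
    """Users who actually hold a permission once groups are flattened."""
    users = set()
    for principal in acls.get(resource, {}).get(permission, ()):
        users |= expand(principal, groups)
    return users - set(disabled)         # assumption: disabled accounts get nothing

def is_allowed(user, resource, permission, **kw):
    """Access decision for one user, resource and permission."""
    return user in effective_users(resource, permission, **kw)

def audit(acls=ACLS, groups=GROUPS, disabled=()):
    """Flat report: (resource, permission) -> sorted effective users."""
    return {(r, p): sorted(effective_users(r, p, acls, groups, disabled))
            for r, perms in acls.items() for p in perms}

if __name__ == "__main__":
    for key, users in audit(disabled=("guest",)).items():
        print(key, users)
```

Running the audit with and without `disabled=("guest",)` shows which ACL entries the guest account would otherwise satisfy.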