We know that Oracle BPEL PM comes with a domain “default”. The roles (which are available in OID) related to this “default” domain includes
BPMDefaultDomainAdmin
This role is to control the access to the “default” domain
BPMSystemAdmin
This role is to control the access to the entire BPEL PM including the “default” domain and all other custom domains
I.Steps to create a Custom Domain
1. Login to Oracle BPEL PM as BPEL Administrator
2. Click on BPEL Domains & click on “Create New BPEL Domain”
3. Enter the Domain Id as “custom”. Please note according to Note:406979.1 When you have domain with capital letters in the domain id then you get a file not found error when logging into BPEL console.
4. Click on Create to complete the Custom Domain Creation
II.Steps to implement for allowing access to Custom Domain (custom)
1. Create a new user using OIDDAS by the name ‘custom’
2. Create a new OID group called “BPMcustomDomainAdmin"
3. Add the above-created user to this group
4. Login to the SOA Suite mid-tier & navigate to $ORACLE_HOME/j2ee/oc4j_soa
5. Grant permissions to the role created by running the command as shown below
java -Xbootclasspath/a:../../bpel/lib/orabpel-boot.jar -jar ../home/jazn.jar -user oc4jadmin -password bpel123 -grantperm DEFAULT_REALM_NAME -role BPMcustomDomainAdmin com.collaxa.security.DomainPermission custom all
6. Grant System Administrator privileges by running the following command
java -Xbootclasspath/a:../../bpel/lib/orabpel-boot.jar -jar ../home/jazn.jar -user oc4jadmin -password bpel123 -grantperm DEFAULT_REALM_NAME -role BPMcustomDomainAdmin com.collaxa.security.ServerPermission server all
Note:
As per Note:403225.1, the user ‘custom’ or group BPMcustomDomainAdmin, gets "all" or "nothing" privileges to the "custom" domain. In 10.1.3 it is not possible to go for finer actions like "read-only", "update-also" etc.
1. You can grant access to domains to selected user pool.
2. You can't control the access at different levels.
No comments:
Post a Comment