Using Authorization Providers To Protect JMX Access (Doc ID 1431332.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Weblogic Server - Version 10.3.1 and later
Information in this document applies to any platform.

Symptoms

User with Operator and Deployer Role is not able to create a Data Source in WLS 10.3.x. Steps to replicate the issue:

  1. Create a WLS 10.3 domain, start the domain and login as administrator.
  2. Create a user and assign the role as Operator and Deployer.
  3. Select myrealm -> Configuration -> General.
  4. Enable Use Authorization Providers to Protect JMX Access.
  5. Restart the server (manadatory) and relogin as administrator.
  6. Go to Security Realms -> myrealm -> Roles and Policies.
  7. Go to Roles and Policies -> Realm Policies.
  8. Select JMX Policy Editor.
  9. GLOBAL SCOPE would be enabled by default. Click next.
  10. You will see a list of MBean Types.
  11. Expand weblogic.management.configuration tree.
  12. Select DomainMBean and click next.
  13. You will see a list of Attributes or Operations.
  14. Expand Operations: Permission to Invoke tree.
  15. Select createJDBCSystemResource and click the Create Policy button.
  16. On the Edit JMX Policies page, click Add Conditions.
  17. Select Role and add Deployer and Operator Role to the condition.
  18. Save.
  19. Log in to the Console with the user having Operator and Deployer roles. You will not find a new button to create data source.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms