Friday, March 27, 2015

Custom SOA Administrator

The default SOA administrator in a SOA/BPM installation is "weblogic". Among other tasks, the SOA administrator also administers the BPM Workspace, the out-of-the-box web-based interface where users can access and manage their tasks. This is just fine for development and testing purposes.

However, at some point during your process lifecycle you will be faced with the task of creating and assigning a custom SOA administrator other than "weblogic" to serve your processes' administrative tasks, for example, mapping application roles to users and/or enterprise groups.

The first thing that you need to do is, of course, create your new SOA admin user using the WebLogic Administration Console.

Next you need to tell the SOA Infrastructure that James Cooper, as in the example above, will be the new SOA administrator.

There are a couple of ways to do so.

The first and easiest way is to assign the "Administrators" group to your new user, as in the image below.

The easiest way, though, is not always the right way. By doing so you automatically grant administrative access to applications like the WebLogic Console, where your new SOA admin user can fiddle with your WebLogic settings.

A much better approach is to map your new user to the SOAAdmin application role using the Enterprise Manager. To do so, right-click the soa-infra node and from the context menu select "Security > Application Roles".

On the "Application Roles" page enter SOAAdmin in the search box field and click on the search button. You should see the SOAAdmin application role displayed in the search results page and selected.

With the SOAAdmin application role selected click the edit button and in the "Edit Application Role" page click the "Add" button. This will open the "Add Principal" window where you can search for an application role, user or a group. Search for your user and click OK.

On the "Edit Application Role" page, click OK to apply the change. You will be redirected to the "Application Roles" page with the SOAAdmin application role selected, and under the membership for SOAAdmin you should see your new user.

The ultimate approach, and what I highly recommend, is to create a custom group in the WebLogic Console, for example "MyAdminGroup", assign this new group to your user, and add this new group as a member of the SOAAdmin application role.
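
The recommended group-based setup can also be scripted so that it is repeatable across environments. The WLST script below is an added example, not part of the original post: the login name `jcooper` is a placeholder, and it assumes the user already exists in the embedded LDAP (DefaultAuthenticator) and that WLST is started from `oracle_common/common/bin/wlst.sh` so the OPSS commands are available.

```wlst
# Added example (not from the original post).
ADMIN_USER = 'jcooper'         # placeholder login name (assumption)
ADMIN_GROUP = 'MyAdminGroup'   # group name used in the post
APP_STRIPE = 'soa-infra'       # application stripe holding the SOAAdmin role
GROUP_CLASS = 'weblogic.security.principal.WLSGroupImpl'

connect()  # prompts for the admin user name, password and server URL

# Assumption: users and groups are stored in the DefaultAuthenticator.
realm = cmo.getSecurityConfiguration().getDefaultRealm()
atn = realm.lookupAuthenticationProvider('DefaultAuthenticator')

if not atn.userExists(ADMIN_USER):
    raise Exception('Create user %s in the WebLogic Console first' % ADMIN_USER)

# Create the custom group and put the new administrator in it.
if not atn.groupExists(ADMIN_GROUP):
    atn.createGroup(ADMIN_GROUP, 'Custom SOA administrators')
if not atn.isMember(ADMIN_GROUP, ADMIN_USER, false):
    atn.addMemberToGroup(ADMIN_GROUP, ADMIN_USER)

# Guard against the "easiest way": membership of Administrators would also
# give this user access to the WebLogic Console.
if atn.isMember('Administrators', ADMIN_USER, true):
    print 'WARNING: %s is still a member of Administrators' % ADMIN_USER

# Map the group, not the individual user, to the SOAAdmin application role.
grantAppRole(appStripe=APP_STRIPE, appRoleName='SOAAdmin',
             principalClass=GROUP_CLASS, principalName=ADMIN_GROUP)

# Print the resulting membership so the change can be reviewed.
listAppRoleMembers(appStripe=APP_STRIPE, appRoleName='SOAAdmin')

disconnect()
```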
