To connect to a WebLogic Server MBean server, a JMX client must supply credentials for a user who has been defined in the WebLogic Server domain's security realm. To further secure the MBeans that have been registered in an MBean server, WebLogic Server uses security roles and policies.
By default, a WebLogic Server security realm contains four global security roles: Admin, Deployer, Operator, and Monitor, and the default security policies for WebLogic Server MBeans grant the following permissions:
lookupCluster(String name) in DomainMBean.
- All users can invoke the
userExists method on security provider MBeans.
- Only the Admin role has read access to encrypted attributes.
- Only the Admin role has write access to writable attributes
and can invoke operations other than lookup operations.
Security providers can override these default settings. To modify these defaults from the Administration Console, see Create JMX policies.
The following table lists the MBeanServer service MBeans that override the default security settings. MBeanServer service MBeans are your entry point into navigating the MBean hierarchies. Some of these MBeans contain attributes and operations for managing changes to WebLogic Server configuration MBeans.
| ActivationTaskMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ConfigurationManagerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DomainRuntimeServiceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| EditServiceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| RecordingManagerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| RuntimeServiceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
The following table lists the domain configuration MBeans that override the default security settings. Domain configuration MBeans configure clusters, server instances, containers within the server (such as the EJB and servlet containers), and other services that servers provide to applications.
| AppDeploymentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ApplicationMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ConnectorComponentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DomainMBean |
The following operations override all other security settings for this MBean:
|
| EJBComponentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCConnectionPoolMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
Exceptions: The following attributes override all other security settings for this MBean:
|
| JDBCDataSourceFactoryMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCDataSourceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCMultiPoolMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCSystemResourceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCTxDataSourceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSBridgeDestinationMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSConnectionConsumerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSConnectionFactoryMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDestinationKeyMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDestinationMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedDestinationMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedDestinationMemberMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedQueueMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedQueueMemberMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedTopicMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSDistributedTopicMemberMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSFileStoreMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSInteropModuleMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSJDBCStoreMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSQueueMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSServerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSSessionPoolMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSStoreMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSSystemResourceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSTemplateMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSTopicMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JoltConnectionPoolMBean |
The following attributes override all other security settings for this MBean:
|
| LibraryMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ServerMBean |
The following operations override all other security settings for this MBean:
|
| ShutdownClassMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| StartupClassMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SubDeploymentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| TargetInfoMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WebAppComponentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WebServerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WebServiceComponentMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFSystemResourceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCExportMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCImportMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCLocalTuxDomMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCPasswordMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCRemoteTuxDomMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCResourcesMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCServerMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCtBridgeGlobalMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WTCtBridgeRedirectMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
The following table lists the runtime MBeans that override the default security settings. Runtime MBeans provide information about the runtime state of WebLogic Server resources.
| AccessRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ApplicationRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
Exceptions: The following operations override all other security settings for this MBean:
|
| AppRuntimeStateRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ConnectorServiceRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DataAccessRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DeployerRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DeploymentTaskRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DomainRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| DomainRuntimeServiceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| EJBComponentRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| EJBPoolRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| EJBTransactionRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSRemoteEndpointRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| RequestClassRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| RuntimeServiceMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFAgentRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| SAFMessageCursorRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| SAFRemoteEndpointRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| ServerLifeCycleRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ServerLifeCycleTaskRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ServerRuntimeMBean |
The following operations override all other security settings for this MBean:
|
| ServletRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| StatelessEJBRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WebAppComponentRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WebServerRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFAccessRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFDataAccessRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WorkManagerRuntimeMBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WSRMRemoteEndpointRuntimeMBean |
The following operations override all other security settings for this MBean:
|
The following table lists the system module MBeans that override the default security settings. System module MBeans configure modules that have been deployed independently of other enterprise applications and are therefore available as resources to all applications on a server.
| ClientParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ClientSAFBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DefaultDeliveryParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DeliveryFailureParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DeliveryParamsOverridesBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DestinationKeyBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DistributedDestinationMemberBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DistributedQueueBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| DistributedTopicBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| FlowControlParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ForeignConnectionFactoryBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ForeignServerBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| GroupParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCConnectionPoolParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCDataSourceBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCDataSourceParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCDriverParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
Exceptions: The following attributes override all other security settings for this MBean:
|
| JDBCPropertiesBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCPropertyBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JDBCXAParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| JMSConnectionFactoryBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| LoadBalancingParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| MessageLoggingParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| MulticastParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| PropertyBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| QueueBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| QuotaBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFErrorHandlingBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFImportedDestinationsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFLoginContextBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFQueueBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFRemoteContextBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SAFTopicBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| SecurityParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| TemplateBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| ThresholdParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| TopicBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| TransactionParamsBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| UniformDistributedQueueBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| UniformDistributedTopicBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFHarvestedTypeBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFHarvesterBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFImageNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFInstrumentationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFInstrumentationMonitorBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFJMSNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFJMXNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFResourceBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFSMTPNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFSNMPNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFWatchBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|
| WLDFWatchNotificationBean | The following roles have read, write, and invoke permission for all non-encrypted attributes and operations in this MBean:
|