You can't ...
In a weblogic group you can add the weblogic users, but the AD users will not be available there ....
The AD users will have their own AD groups (based on your config) so you can have both a weblogic group and an AD group and add both of them to your app role.
Hi Gianni Ceresa,
so my existing security is that users are added to some group names and each group is restricted to each report
I mean one grp will have access to one report and others will not
So now i have enabled the Active directory and it is working fine.so please suggest some way to grp the AD users by grp name and will restrict that group to reports, same as above functionality.
As Gianni already said, you need to create AD groups and add your AD users to those AD groups, then assign those AD groups to your reports as well. You will need to maintain two sets of groups, weblogic groups and AD groups.
If you want to just have one set of groups, then you need to virtualize your groups via OVD. That is a lot more work to setup and configure.
Please advice me on this.
If i add AD users to multiple AD group and restrict/access the different reports through ADgroups.will it be fine ..?
my question is shld i maintain old web logic users and groups. can i delete that old group or users(weblogic) as i will create same groups or users in AD
as AD group or AD users will suffice them instead of web logic grps/users
Thanks & regards
The first thing to keep in mind: you don't assign security on groups but on application roles (the old webcat groups are officially not there anymore in 22.214.171.124 and deprecated since 126.96.36.199 and advised to not use anymore in 188.8.131.52 etc.).
So assuming you have all the application roles you need, there is no reason to maintain the weblogic groups if all your users come from AD.
The weblogic groups are interesting only if you still have weblogic users requiring that level of security.
If you don't want to have to create all the groups in AD because too much work you can also get the association between a user and an application role from a database (where you maintain a kind of mapping table).
Am clear from your above brief statement, that I will not use Web logic groups/users if I maintain AD
So I want to use the AD users and I don't want to request frequently to create AD group as it is with LDAP team
and as well as time consuming process.
As you had mentioned, user and role based mapping catch my attention. please, request you let me know how I can call roles while using the AD users and restrict them using role(I know how to restrict the users or group using role).
I mean, how to associate the AD users coming from AD and roles coming from mapping table and how or where is the option to call (combine)
Appreciate your support and help.
Thanks & regards
There is one way you can define AD users to particular Groups, via configuring SQL Group Provider.
In this case you have to maintain a physical table in your DB and you can assign a users to the respective groups and add the group to the respective Application Role. So the security will be applicable to those users under the groups.
I followed the doc you had referred and is excellent and am in final lap to achieve the goal, but Unable To See Database Groups In EM After Configuring Users In LDAP, Groups In Database
error message am getting in the server log is Connection pool not usable and i referred this oracle doc which speaks same issue Doc ID 1603055.1 .I have followed all the steps but still unable to retrieve the groups in EM.
Please help me out as am in final lap to achieve the Target.
Thanks & Regards
I got a your reply bit late.. I hope now you have solved your problem. If not Please try to restart everything and check.
Please let me know if you face any issues.