Developers are a demanding bunch, always wanting access! We describe in this final section of the chapter how to create read-only accounts that developers can use to log in to the various consoles as well have read-only access to the MDS. It is always recommended not to share the weblogic
password with developers.
In this section, we also describe how to configure custom XPath functions.
The Monitors
group provides read-only access to Oracle Fusion Middleware Enterprise Manager Control, while the Deployers
group grants the ability to deploy applications to the SOA server.
From time to time, administrators of Oracle SOA Suite 12c infrastructure are required to provide limited and role based access to developers and extended team members. For instance, administrators may be tasked with providing a group of users and developers access to view service status and health, composite instances, and audit trails. In other cases, the requirement may be to grant operators access to manage composite lifecycles. Fortunately, Enterprise Manager provides functionality to provide different levels of access to different users and groups access without allowing them to change any infrastructure settings. The following steps detail how administrators can provide role-based access to the SOA infrastructure:
Role |
Permission |
---|---|
|
This has full access, including the ability to modify security settings. |
|
This has access to deploy/undeploy, start/stop, and activate/retire composites. |
|
This has read-only access to Oracle EM FMW Console. |
|
This has access to view instance and audit trails. |
|
This has access to modify audit levels. |
Refer to the earlier section Mapping Users and Groups to Application Roles in this chapter for guidance on how to associate WebLogic users and groups to Fusion Middleware application roles.
Developers will require a database account to access the MDS during their development as it is necessary for them to create a database connection in JDeveloper 12c to the [PREFIX]_MDS
schema in order to access MDS artifacts. Shared objects that are maintained in the MDS, such as DVMs, schemas, and WSDLs, need to be accessible to the developer during the development cycle. The last thing administrators want is to share the [PREFIX]_MDS
schema password.
Follow these instructions to create a generic MDS_MDS_READONLY
database account that can be shared with developers. The following instructions assume that the schema name for the MDS is DEV_MDS
:
SYSDBA
privileges:SQLPLUS "/ AS SYSDBA"
DEV_MDS_READONLY
and grant access:CREATE USER DEV_MDS_READONLY IDENTIFIED BY WELCOME1; GRANT RESOURCE, CONNECT TO DEV_MDS_READONLY;
DEV_MDS_READONLY
user:GRANT SELECT ON DEV_MDS.MDS_PARTITIONS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_LABELS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_TXN_LOCKS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_TRANSACTIONS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_DEPL_LINEAGES TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_PATHS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_STREAMED_DOCS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_NAMESPACES TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_COMPONENTS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_ATTRIBUTES TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_DEPENDENCIES TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_PURGE_PATHS TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_LARGE_ATTRIBUTES TO DEV_MDS_READONLY; GRANT SELECT ON DEV_MDS.MDS_SANDBOXES TO DEV_MDS_READONLY;
CREATE SYNONYM DEV_MDS_READONLY.MDS_PARTITIONS FOR DEV_MDS.MDS_PARTITIONS; CREATE SYNONYM DEV_MDS_READONLY.MDS_LABELS FOR DEV_MDS.MDS_LABELS; CREATE SYNONYM DEV_MDS_READONLY.MDS_TXN_LOCKS FOR DEV_MDS.MDS_TXN_LOCKS; CREATE SYNONYM DEV_MDS_READONLY.MDS_TRANSACTIONS FOR DEV_MDS.MDS_TRANSACTIONS; CREATE SYNONYM DEV_MDS_READONLY.MDS_DEPL_LINEAGES FOR DEV_MDS.MDS_DEPL_LINEAGES; CREATE SYNONYM DEV_MDS_READONLY.MDS_PATHS FOR DEV_MDS.MDS_PATHS; CREATE SYNONYM DEV_MDS_READONLY.MDS_STREAMED_DOCS FOR DEV_MDS.MDS_STREAMED_DOCS; CREATE SYNONYM DEV_MDS_READONLY.MDS_NAMESPACES FOR DEV_MDS.MDS_NAMESPACES; CREATE SYNONYM DEV_MDS_READONLY.MDS_COMPONENTS FOR DEV_MDS.MDS_COMPONENTS; CREATE SYNONYM DEV_MDS_READONLY.MDS_ATTRIBUTES FOR DEV_MDS.MDS_ATTRIBUTES; CREATE SYNONYM DEV_MDS_READONLY.MDS_DEPENDENCIES FOR DEV_MDS.MDS_DEPENDENCIES; CREATE SYNONYM DEV_MDS_READONLY.MDS_PURGE_PATHS FOR DEV_MDS.MDS_PURGE_PATHS; CREATE SYNONYM DEV_MDS_READONLY.MDS_LARGE_ATTRIBUTES FOR DEV_MDS.MDS_LARGE_ATTRIBUTES; CREATE SYNONYM DEV_MDS_READONLY.MDS_SANDBOXES FOR DEV_MDS.MDS_SANDBOXES;
CREATE SYNONYM DEV_MDS_READONLY.MDS_INTERNAL_COMMON FOR DEV_MDS.MDS_INTERNAL_COMMON; CREATE SYNONYM DEV_MDS_READONLY.MDS_INTERNAL_SHREDDED FOR DEV_MDS.MDS_INTERNAL_SHREDDED; CREATE SYNONYM DEV_MDS_READONLY.MDS_INTERNAL_UTILS FOR DEV_MDS.MDS_INTERNAL_UTILS;
GRANT EXECUTE ON DEV_MDS.MDS_INTERNAL_COMMON TO DEV_MDS_READONLY; GRANT EXECUTE ON DEV_MDS.MDS_INTERNAL_SHREDDED TO DEV_MDS_READONLY; GRANT EXECUTE ON DEV_MDS.MDS_INTERNAL_UTILS TO DEV_MDS_READONLY;
Note that the same permission setting can be created for the [PREFIX]_SOAINFRA
schema.
Developers tend to use a multitude of custom function libraries as they develop their SOA composites. These functions are mostly used within transformation files (that is, XSL and XQuery maps) or assignment activities. These functions can be used at design time in the composite editor by importing the library as User Defined Extension Jar files.
At runtime, however, administrators have to ensure that these libraries are appropriately placed to be part of the server runtime. Although describing how to create custom XPath functions is out of scope for this book, their deployment is not.
To deploy a custom XPath function to the Oracle SOA Suite 12c infrastructure, follow these steps:
customXPathFunctions.jar
).$MW_HOME/soa/soa/modules/oracle.soa.ext_11.1.1
).Now, any composite deployed to the server and requiring the use of these custom XPath functions will have access to them at runtime.
52.15.78.83