Monday, April 25, 2011

To control access to business processes developed in BPEL, the processes need to be segregated into different domains, especially when different business teams use the same Process Manager. For each domain, different roles need to be created and assigned to the users who can view, modify, or execute the processes in that domain.

Here I will share my findings on how user management can be done in a custom domain (not the "default" one) for Oracle BPEL Process Manager 10.1.3.3. I will cover the detailed steps to create a custom domain, create roles, and assign the roles the proper permissions to access the custom domain. The security provider used is JAZN, a file-based security provider based on JAAS. The steps are given both for BPEL installed in the default OC4J instance (home) and for BPEL installed in a different OC4J instance.

Steps to create a Custom Domain
1. Login to Oracle BPEL PM as BPEL Administrator
2. Click on BPEL Domains
3. Click on “Create New BPEL Domain”
4. Enter the Domain Id as “custom_domain”
5. Click on Create to complete the Custom Domain Creation

User Management for Custom Domain (custom_domain)

Oracle BPEL PM comes with a domain named “default”. It also comes with certain responsibilities that control access to this domain. The roles related to the “default” domain include:

BPMDefaultDomainAdmin
This role is to control the access to the “default” domain.
BPMSystemAdmin
This role is to control the access to the entire BPEL PM including the “default” domain and all other custom domains

Steps to implement for allowing access to Custom Domain (custom_domain)

BPEL Installation in Default OC4J instance

1. Navigate to $ORACLE_HOME/j2ee/home ($ORACLE_HOME/j2ee/)
2. Create the Role with name (BPMCustomDomainAdmin)

$ORACLE_HOME\j2ee\home>java -jar jazn.jar -user oc4jadmin -password welcome1 -addrole jazn.com BPMCustomDomainAdmin

3. Grant permissions to the role created in step (2) above

$ORACLE_HOME\j2ee\home>java -bootclasspath/a:$ORACLE_HOME\bpel\lib\orabpel-boot.jar -jar jazn.jar -grantperm jazn.com -role BPMCustomDomainAdmin com.collaxa.security.DomainPermission custom_domain all

4. Now create the users and assign them the above role

5. Restart the BPEL oc4j

6. Login to BPELConsole.

BPEL Installation in different J2EE home (oc4j_soa)

1. Navigate to $ORACLE_HOME/j2ee/home
2. Copy all the jar files and lib folder in this directory to $ORACLE_HOME/j2ee/oc4j_soa
This step is very important. If it is skipped, the entries created in the following steps will be added to the home instance's system-jazn-data.xml
3. Navigate to $ORACLE_HOME/j2ee/oc4j_soa
4. Create the Role with name (BPMCustomDomainAdmin)

$ORACLE_HOME\j2ee\oc4j_soa>java -jar jazn.jar -user oc4jadmin -password welcome1 -addrole jazn.com BPMCustomDomainAdmin

5. Grant permissions to the role created in step (4) above

$ORACLE_HOME\j2ee\oc4j_soa>java -bootclasspath/a:$ORACLE_HOME\bpel\lib\orabpel-boot.jar -jar jazn.jar -grantperm jazn.com -role BPMCustomDomainAdmin com.collaxa.security.DomainPermission custom_domain all

6. Now create the users and assign them the above role

7. Restart the BPEL oc4j

8. Login to BPELConsole

grantperm : command option to grant permission
jazn.com : Realm for File Based Security Provider (JAZN)
com.collaxa.security.DomainPermission : Permission name for the Domain
custom_domain : Custom Domain Name
all : access level. The current version of Oracle BPEL PM (10.1.3.3) supports only granting all permissions on a domain or no permission

More.......

1. To grant System Administrator privileges to a custom role, grant the role the com.collaxa.security.ServerPermission permission

$ORACLE_HOME\j2ee\home>java -bootclasspath/a:$ORACLE_HOME\bpel\lib\orabpel-boot.jar -jar jazn.jar -grantperm jazn.com -role BPMCustomDomainAdmin com.collaxa.security.ServerPermission server all
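An added check, not part of the original post or of Oracle's tooling: after running the -grantperm commands above, this Python script lists which principals hold the BPEL DomainPermission and ServerPermission grants in a given system-jazn-data.xml, so you can confirm the entries landed in the intended OC4J instance's file and see which roles carry server-wide access. The XML element layout and the sample content are assumptions constructed for illustration; compare them with your own file.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about
# system-jazn-data.xml; check it against the file in your instance.
SAMPLE = """<jazn-data>
  <jazn-policy>
    <grant>
      <grantee><principals><principal>
        <realm-name>jazn.com</realm-name>
        <type>role</type>
        <name>jazn.com/BPMCustomDomainAdmin</name>
      </principal></principals></grantee>
      <permissions>
        <permission><class>com.collaxa.security.DomainPermission</class>
          <name>custom_domain</name><actions>all</actions></permission>
        <permission><class>com.collaxa.security.ServerPermission</class>
          <name>server</name><actions>all</actions></permission>
      </permissions>
    </grant>
  </jazn-policy>
</jazn-data>"""

BPEL_PERMS = {"com.collaxa.security.DomainPermission",
              "com.collaxa.security.ServerPermission"}

def _text(elem, tag):
    return (elem.findtext(tag) or "").strip()

def bpel_grants(root):
    """Return sorted (principal, permission class, target, actions) tuples."""
    found = set()
    for grant in root.iter("grant"):
        names = [_text(p, "name") for p in grant.iter("principal")]
        for perm in grant.iter("permission"):
            cls = _text(perm, "class")
            if cls in BPEL_PERMS:
                row = (cls, _text(perm, "name"), _text(perm, "actions"))
                found.update((n,) + row for n in names)
    return sorted(found)

def server_admins(grants):
    """Principals holding ServerPermission, i.e. access to every domain."""
    return sorted({g[0] for g in grants if g[1].endswith(".ServerPermission")})

if __name__ == "__main__":
    # Pass the path of the instance's system-jazn-data.xml, or run the sample.
    root = ET.parse(sys.argv[1]).getroot() if len(sys.argv) > 1 else ET.fromstring(SAMPLE)
    for row in bpel_grants(root):
        print(*row)
    print("server-wide:", server_admins(bpel_grants(root)))
```

Run it against the system-jazn-data.xml of both the home and the oc4j_soa instance: the custom role's grants should appear only in the file of the instance that hosts BPEL.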

Reference:
Oracle® BPEL Process Manager Administrator's Guide 10g (10.1.3.1.0)