Allowing non-administrators to run diagnostics

After you have created users and added them to groups, you might want to allow non-administrators to run diagnostics in Rule Execution Server.

1. From the breadcrumbs at the top of the console, or from the Home Page, open the Summary of Security Realms page, and in the Realms table, click myrealm.
2. On the Settings for myrealm page, on the Configurations > General tab, select the Use Authorization Providers to Protect JMX Access check box.
3. Click Save and restart the server.
   Tip: It is not necessary to restart the Administration Console.
4. After the server is restarted, click the Roles and Policies tab, and then the Realm Policies tab.
5. Under Policies, click JMX Policy Editor.
6. On the JMX Policy Editor page, check that GLOBAL SCOPE is selected and click Next.
7. In the next panel, check that ALL MBEAN TYPES is selected and click Next.
8. In the Attributes and Operations table, select Operations: Permission to Invoke and click Create Policy.
9. Click Add Conditions, select Role from the Predicate List, and click Next.
10. Type Admin in the Role Argument Name field and click Add, and then click Finish.
11. On the Edit JMX Policies page, click Add Conditions, select Group from the Predicate List list, and click Next.
12. Add the groups that do not have administrator privilege and whom you allow to run the diagnostic tests. For example, to add all the resDeployers and resMonitors groups follow these steps:
    1. Type resDeployers in the Group Argument Name field and click Add.
    2. Type resMonitors in the Group Argument Name field and click Add.
    3. Click Finish
    The policy conditions and the overridden policy are shown:

    Group: resDeployers or resMonitors
    
    Role: Admin

13. Click Save.
14. Restart WebLogic Server.