Logged in role is not allowed to view/edit Access Control Policies in OSB

May 28, 2015


If you want to change Access Control Policies in OSB on 12.1.3, it works fine on the Quickstart, but in the regular install you will probably run into the same problem as me. Fortunately I found the solution on MOS: Cannot open the Policy Editor due to, “Logged in role is not allowed to view/edit Access Control Policies.” (Doc ID 1963087.1)

A user who is part of the Administrators group is unable to open the policy editor and gets the hint, “Logged in role is not allowed to view/edit Access Control Policies.”

The reason is that the Administrators group is a member of the application role MiddlewareAdministrator, but MiddlewareAdministrator does not have the permission AdminOnlyTaskAccess.

So what you have to do is the following:

  1. Log in to Enterprise Manager - Fusion Middleware Control 12c.
  2. Select as below.
     WebLogic Domain
     > <domain-name> (right-click)
       > Security (Menu)
         > Application Policies (Menu)
  3. Set as below, then click the arrow (Search application security grants) next to Principal Name.
     Application Stripe: Service_Bus_Console
     Principal Type: Application Role
  4. Select MiddlewareAdministrator, then click Edit.
  5. Add AdminOnlyTaskAccess to Permissions as below, then click OK.
     Permission Class: oracle.soa.osb.console.common.permissions.OSBPermission
     Resource Name: AdminOnlyTaskAccess
     Permission Actions: update
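
The same grant can also be scripted with the OPSS WLST commands listPermissions and grantPermission, which makes it repeatable across domains and shows what the role holds before and after the change. This is an added example, not part of the original post or the MOS note; it assumes an online WLST session started from the oracle_common installation, and the principal class used for application roles is the standard OPSS one rather than a value taken from this page.

```wlst
# Added example: online WLST equivalent of the Enterprise Manager steps above.
# Assumption: run with the wlst script under oracle_common so the OPSS
# security commands (listPermissions, grantPermission) are loaded.

APP_STRIPE = "Service_Bus_Console"        # Application Stripe from step 3
ROLE_NAME = "MiddlewareAdministrator"     # application role from step 4
# Assumption: OPSS principal class for "Principal Type: Application Role"
ROLE_CLASS = "oracle.security.jps.service.policystore.ApplicationRole"

# Called without arguments so that no credentials or URLs are hard-coded
# in the script; WLST asks for the connection details it needs.
connect()

# Review what the application role is granted before changing anything.
listPermissions(appStripe=APP_STRIPE,
                principalClass=ROLE_CLASS,
                principalName=ROLE_NAME)

# Same values as step 5: class, resource name (target) and action.
grantPermission(appStripe=APP_STRIPE,
                principalClass=ROLE_CLASS,
                principalName=ROLE_NAME,
                permClass="oracle.soa.osb.console.common.permissions.OSBPermission",
                permTarget="AdminOnlyTaskAccess",
                permActions="update")

# Confirm that AdminOnlyTaskAccess now appears in the role's grants.
listPermissions(appStripe=APP_STRIPE,
                principalClass=ROLE_CLASS,
                principalName=ROLE_NAME)

disconnect()
```

The grant applies to every member of MiddlewareAdministrator, so the first listPermissions output is worth keeping as a record of the role's state before the change.
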

Jon Petter is Department Manager for Middleware at SYSCO, building an organization of skilled Oracle Middleware experts with a focus on Oracle SOA Suite, WebLogic, Oracle Service Bus, BPM Suite, BAM, and Oracle Event Processing. He has worked with Oracle products since 1997, and has worked with some of the larger SOA customers in Norway. He is a board member of the Oracle User Group Norway (OUGN) and an Oracle ACE Associate.
