In the jazn-data.xml overview editor you can create both application and enterprise roles.
An application role is a role used by an ADF application. It is specific to the application, defined by the application policy, and not necessarily known to the Java EE container. Application roles are scoped in the sense that they can contain only users and roles defined in the application.
After you create the application role, you will:
An enterprise role is a role that is maintained in the domain policy store (as opposed to an application policy store). Enterprise roles are available to every application deployed in the domain and defined in the domain identity store, typically represented by an ordered list of authenticators configured in the domain.
You use the Enterprise Roles page to group users that you add to the identity store. You can use this mechanism to assign entire groups of users to application roles that you have defined for the purpose of conferring access rights defined by ADF security policies. However, Integrated WebLogic Server does not require you to create enterprise roles to run the application within JDeveloper. For the purpose of testing the application, it is sufficient to create a few test users and assign them directly to application roles.
Ultimately, when you deploy an application for staging outside of JDeveloper, you migrate the policy store to the target server.
Copyright © 1997, 2009, Oracle. All rights reserved.