Authorization is the process of determining what permissions a user can have when accessing protected resources. Oracle BAM uses the policy-based mechanism to achieve authorization. In this section, you will learn how to manage BAM authorization, in particular, how to manage application roles and policies.
An application role is a virtual group defined in a centralized policy store, which is typically mapped to certain permissions that control the access of protected application resources. An application role contains members that can be users or groups defined in an LDAP Server, or another application role.
Note
Granting permissions to application roles instead of physical users or groups, allows you to decouple the application-level permissions with principals defined in an identity store. Using application roles provides flexibility and ease of management. For example, suppose that you want to grant a number of permissions to a new...