2.9 - Security Groups should be established

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure that only the users that require access have been added to the 'Operators', 'Deployers' or 'Monitors' security groups.

If users are granted more privilege than necessary there are more chances for changes to the WebLogic Server configuration and the WebLogic Server could become less secure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To add users to one or more groups:
1. On the Summary of Security Realms page select the name of the realm (for example, myrealm).
2. On the Settings for Realm Name page select Users and Groups > Users.
3. In the Users table select the user you want to add to a group.
4. On the Settings for User Name page select Groups.
5. Select a group or groups from the Available list box:
- To locate a group in a large list, type the first few characters of the name.
- To select multiple groups, Ctrl-click each group.
- To add a user to a group, click the right arrow to move the selection to the Chosen list box.
- To remove a user from a group, select the group in the Chosen list box and click the left arrow.
6. Click Save.