For security reasons and to prevent configuration drift, it is advisable to use read-only access when analyzing problems.
For read-only access to configuration and logs, WebLogic provides the Monitors group out of the box. Unfortunately, this group cannot access the DMS Spy Servlet, which is useful for analysing runtime values of the server. Only users who belong to the Administrators group, and therefore have full access, can access the DMS Spy Servlet, and this is not configurable in WebLogic by default.
Here is how to add groups to the DMS Spy Servlet deployment on Linux:
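    pushd "$ORACLE_HOME/oracle_common/modules/oracle.dms"
    # Keep a timestamped backup of the original archive
    cp dms.war dms.war.`date +%y.%m.%d.%H:%M`
    # Extract only the deployment descriptor
    unzip dms.war WEB-INF/weblogic.xml
    # Drop any existing Monitors entry so the procedure can be re-run safely
    sed -i '/Monitors/d' WEB-INF/weblogic.xml
    # Append Monitors after the Administrators principal (match tolerates any indentation)
    sed -i '/^[[:space:]]*<principal-name>Administrators<\/principal-name>[[:space:]]*$/a\    <principal-name>Monitors<\/principal-name>' WEB-INF/weblogic.xml
    # Write the modified descriptor back into the archive and clean up
    zip dms.war WEB-INF/weblogic.xml
    rm -r WEB-INF
    popd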
This is the relevant snippet in weblogic.xml before the change:
    <security-role-assignment>
      <role-name>Admin</role-name>
      <principal-name>Administrators</principal-name>
    </security-role-assignment>
and after modification:
    <security-role-assignment>
      <role-name>Admin</role-name>
      <principal-name>Administrators</principal-name>
      <principal-name>Monitors</principal-name>
    </security-role-assignment>
After this modification you have to restart the WebLogic Server.
That’s it!
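To confirm what the repacked archive actually grants, the following added example (not part of the original post) lists the principals mapped to a role in a weblogic.xml read from stdin and reports any that fall outside an allowlist. The function names and the sample descriptor are constructed for illustration; against the real archive, feed it with `unzip -p dms.war WEB-INF/weblogic.xml`.

```shell
#!/bin/sh
# Added example: audit which principals a weblogic.xml maps to a role.
# Real use: unzip -p dms.war WEB-INF/weblogic.xml | role_principals Admin

# Constructed sample: the "after" snippet plus a commented-out entry.
SAMPLE_XML='<weblogic-web-app>
  <security-role-assignment>
    <role-name>Admin</role-name>
    <principal-name>Administrators</principal-name>
    <!-- <principal-name>Operators</principal-name> -->
    <principal-name>Monitors</principal-name>
  </security-role-assignment>
</weblogic-web-app>'

# role_principals ROLE: print one principal per line for ROLE (stdin = XML).
role_principals() {
    awk -v role="$1" '
    BEGIN { RS = "<" }                 # one record per tag: "name attrs>text"
    /^!--/ { skip = 1 }                # an XML comment opens here
    skip   { if (index($0, "-->")) skip = 0; next }
    {
        gt = index($0, ">"); if (gt == 0) next
        tag = substr($0, 1, gt - 1); text = substr($0, gt + 1)
        sub(/[ \t\r\n].*$/, "", tag)   # drop any attributes
        gsub(/^[ \t\r\n]+|[ \t\r\n]+$/, "", text)
        if (tag == "security-role-assignment") { inside = 1; name = ""; n = 0 }
        else if (inside && tag == "role-name") name = text
        else if (inside && tag == "principal-name") p[++n] = text
        else if (tag == "/security-role-assignment") {
            if (name == role) for (i = 1; i <= n; i++) print p[i]
            inside = 0
        }
    }'
}

# unexpected_principals ROLE "ALLOWED ...": print principals that are not in
# the space-separated allowlist; exit status is 1 if any were found.
unexpected_principals() {
    role_principals "$1" | awk -v allowed="$2" '
    BEGIN { k = split(allowed, a, " "); for (i = 1; i <= k; i++) ok[a[i]] = 1 }
    !($0 in ok) { print; bad = 1 }
    END { exit bad + 0 }'
}

# Demo on the constructed sample: lists the principals granted Admin.
printf '%s\n' "$SAMPLE_XML" | role_principals Admin
```

Running `unexpected_principals Admin "Administrators Monitors"` against the extracted descriptor after each patch or upgrade gives a quick check that the role assignment has not drifted from what was intended.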