If you would like to create or configure a user, Who only has read and deploy composites permissions (Restricted Access) in EM console please do the following:
Access to the Enterprise Manager console is determined by the role assigned to the user. See Appendix C.1 Roles and Privileges in:
Document Reference: Oracle® Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite 11g Release 1 (188.8.131.52.0) - Part Number E10226-06
Steps to configure the roles described in the document document: (In this case we assign the Monitor role to the user created)
- Log in to the Weblogic console.
- Click on Security Realms -> the name of the realm (myRealm is the default) -> Users and Groups.
- Click on New to create a new user.
- Click on the name of the user just created, then Groups and move Monitors from the list on the left to the right. Click Save.
- Now log in to the Enterprise Manager console with admin privileges, open the SOA folder and right-click on soa-infra and select Security -> Application Roles.
- Leave the search text empty and click on search button. This will give you a list of all Application Roles.
- Click on SOAMonitor role to edit it.
- Scroll down and click on add user. Click on the search button, and a list of available users will be populated. You should see the user just created on the Weblogic console. Move the user to the right and click OK and OK again.
- Log out, then log in with the user just created.
Additional Info: If you are keen in learning about the roles and their restrictions on weblogic server console please refer:
Document: Oracle® Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server 11g Release 1 (10.3.4) - Part Number E13747-04
Section: 6 Users, Groups, And Security Roles