The feature is documented in the Oracle Fusion Middleware Security guide (section 7.2.1) but the doc is somewhat awkward. I recently has some email exchange with a customer about this, and I thought while we improve the doc, the clarification might be of interest to others.
The following three application security artifacts are of interest during application deployment process.
- Identities - Which mean users and groups and application roles to groups/users mapping. These are defined by a Developer during application development process within JDev.
- In most scenarios, the identities should not be migrated when deploying an application to a remote WLS (it is controlled with the check box, )
- Mapping Application role to enterprise groups/users in a remote WLS environment is a post application deployment task to be done by an Administrator.
- When deploying the app for the first time, the policies should always be migrated to the Policy store, which is the option controlled by "Append" radio button
- Upon re-deploying the app, to preserve any application policy modification made in the policy store, the admin should choose the "Ignore" radio button.
- The radio button "Append" means credentials packaged with the application will be deployed to the remote WLS's credential store. In case a credential with the same map and key names already exists in the domain credential store, the migration process will skip that credential, and continue with others.
- The radio button "Ignore" means credentials packaged with the application will not be deployed to the remote WLS's credential store. In this case, the administrator is then expected to create a credential valid for the environment, before the application works as designed by the developer."