You can try with a WLST script using the grantAppRole command like the following:
connect(“weblogic”,”welcome1″,”localhost:7001″)
grantAppRole(“obi”,”ReportWLSTRole”,”oracle.security.jps.service.policystore.ApplicationRole”,”BIAuthor”)
grantAppRole(“obi”,”ReportWLSTRole”,”weblogic.security.principal.WLSUserImpl”,”weblogic”)
grantAppRole(“obi”,”ReportWLSTRole”,”weblogic.security.principal.WLSGroupImpl”,”BIAdministrators”)
This example shows how to assign a group, a user and a role to the "ReportWLSTRole". (Example taken from the RittmanMead blog)
Does it have to be a python script? You can automate this with an init block on the RPD:
Create a table that contains the mapping between users and application roles and then create a row-wise init block for the ROLES variable in the RPD, for example:
select 'ROLES', p.rolename from p roles_table where p.user=':USER'