|Oracle® Fusion Middleware System Administrator's Guide for Content Server
11g Release 1 (11.1.1)
Part Number E10792-01
This section describes the procedure to set up a basic security configuration using the Need to Know component. This procedure explains how to set up security configuration variables, a custom metadata field, and a hit list role. After you have set up the basic configuration, you can use the Need to Know component interface to edit, test, and improve the security configuration.
Note:You must open the Admin Server page for the applicable Content Server instance before starting the procedure.
Select the General Configuration link on the side bar in the Admin Server page.
Under the Additional Configuration Variables heading on the Admin Server: General Configuration Page, scroll to the bottom of the text area, and add the following text:
Replace group1,group2,... with the security groups that will use the Need to Know component.
Security groups must be entered in lower case.
Any security groups not listed will have standard security applied.
Note:Other products such as Records Management also can use the SpecialAuthGroups configuration variable, so be careful to use unique names for security groups that will use the Need to Know component.
If you want to specify content item-level queries, use the Configuration Manager to add a new metadata field. (This is not necessary if you will be using only the global query.) A new metadata field must be added by using the Configuration Manager; it cannot be added from the Need to Know component interface.
You can use any field name and title you wish, such as DocDisclosureQuery or NeedToKnow.
The field must be specified as a memo field.
After adding the field, you will need to click Update Database Design, and then click Rebuild Search Index.
Note:If your Content Server instance already has a large amount of content, rebuilding the search index can take a long time (up to a couple of days). Consider rebuilding during system maintenance periods or at times of non-peak system usage.
Use the User Admin administration applet to add a hit list role.
You can use any role name you wish, such as hitlist or NTKrole.
Give Read access to all the security groups that were specified in the SpecialAuthGroups configuration entry.
If you want the security groups that were specified in the SpecialAuthGroups configuration entry to be listed on the check-in page or update page, you will need to give Write access to this role.
You can create two different hit list roles with different names and permissions. One role can be configured with the Need to Know component to be a Query role in a content search, and the other role can be configured with the Need to Know component to be an Update role in content check-ins and updates.
Do not assign this role to any users. If the hit list role is configured to be a Query or Update role, it is automatically added to the user's attributes.
If you want to set user access permissions that extend the limits of Need to Know security, use the General Configuration page to include extra security configuration settings in the Additional Configuration Variables section. Scroll to the bottom of the text area and enter the configuration settings as necessary.
If you want to add new user attribute fields for use in Need to Know queries, use the User Admin tool to add user attribute fields.
Restart the content server.
Note:When the Need to Know component has been installed, certain security configuration values are stored in the IntradocDir/data/needtoknow/ntk_config.hda file. These values can be edited by using the Need to Know administration interface, described in "NTK Administration Interface", or by directly editing the ntk_config.hda file.