Chapter 5 Roles and Permissions

The admin user administers roles and permissions for the resources that needs to be managed to build a site. This chapter covers the following topics:

• Administering Roles and Permissions

• Definition and Classification of Portal Resources

• User Groups

• Communities

• Organizations

• Users and User Roles

• Plugins

Administering Roles and Permissions

Use the Control Panel to set roles and permissions for users, user groups, communities, and organizations.

Using the Control Panel to Administer Roles and Permissions

The Control Panel provides an interface for creating and maintaining the following:

• Users

• Organizations

• User Groups

• Roles

Additionally, you can configure many server settings, including:

• Information about the site

• Authentication options, including Single Sign-On and LDAP integration

• Default user associations

• Reserved screen names

• Mail host names

• Email notifications

Use the Control Panel to create the portal structure, implement security, and administer users.

To use the Control Panel to Administer Roles and Permissions

1. Log in to Sun GlassFish Web Space Server as the admin user.

2. Choose Control Panel from the Welcome menu.

   The Control Panel page appears.

3. To view and make changes to an item, choose an item from the left menu.

   For example, click Users under Portal. From this page, you can set roles and permissions for users. Similarly, you can set roles and permissions for Organizations, Communities, and User Groups.

Definition and Classification of Portal Resources

Web Space Server organizes portals and user resources as follows:

1. Portals are accessed by Users.

2. Users can be collected into User Groups.

3. Users can belong to Organizations.

4. Organizations can be grouped into hierarchies.

5. Users, Groups, and Organizations can belong to Communities that have a common interest.

The simplest way to think about this is that you have users and various ways those users can be grouped together. Some of these groupings follow an administratively organized hierarchy, and other groupings might be done by the users themselves, such as different users from multiple organizations that have a common interest in dogs, starting a community called Dog Lovers. Other groupings can be done administratively through user groups or roles for other functions that might apply throughout the portal, such as a Message Board Administrators group made up of users from multiple communities and organizations who can administer any message board in the portal.

This way of organizing portal concepts is shown in the following figure.

Figure 5–1 Sun GlassFish Web Space Server Portal Resources

In the figure, each arrow may be read as “can be a member of”. This means that Organizations can be members of Communities, Communities can be members of Roles, Users can be members of anything, and so on. This flexibility provides a powerful mechanism for portal administrators to configure portal resources and security.

User Groups

User groups are arbitrary groupings of users. These groups are created by portal administrators to group users who do not have an obvious organizational or community-based attribute or aspect that brings them together. Groups can have permissions, much like roles. You could therefore use a user froup to grant permissions to any arbitrary list of users.

For example, You could create a user group called “People Who Have Access to My Stuff” and grant permission to that user group to access a particular Document Library folder . This list of users could be members of separate Organizations, Communities, or Roleswhom you want to also have access to this Document Library folder. The folder could be some personal, community, or organization page that is accessible to them in the portal.

To Create a User Group

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> User Groups from the Welcome menu.

3. Click Add.

4. Specify a name and a description for the user group and click Save.

To Assign Users to User Groups

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> User Groups from the Welcome menu.

3. Click the Actions button corresponding to a user group and choose Assign Members from the menu.

   The assign members page enables you to make assignments to the user group.

4. Click the Available tab to view the list of all available members.

5. Select the users you want to add to the user group and click Update Associations.

6. Click the Current tab to verify updated associations to the user group.

Communities

Communities are collections of users who have a common interest. Web Space Server's default pages are in the Guest community, because everyone, whether they are anonymous or members of the portal, has common interest in the default public pages of your site.

The three types of Communities:

• Open

• Restricted

• Private

An Open Community (the default) allows portal users to join and leave the Community whenever they want to, provided they have access to a Communities portlet. A Restricted Community requires that users be added to the Community by a community administrator. Users may use the Communities portlet to request membership. A Private community does not allow users to join and to leave the community.

To add a Community

You can add communities by navigating to Control Panel -> Portal -> Communities or by using the My Communities portlet.

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Communities from the Welcome menu.

3. Click Add.

4. Specify the name and a description for the community.

5. Specify the type and active attributes for the community.

   A community can be Open, Restricted, or Private, with Open being the default type. By default, the community is Active.

6. Click Save.

To Assign Users to a Community

You can assign members to communities by navigating to Control Panel -> Portal -> Communities or by using the My Communities portlet.

1. Log in to Web Space Server as the admin user.

2. Click Add Applications from the Welcome menu.

3. Expand the Community folder.

4. Click Add next to the My Communities portlet.

5. Click Available Communities to list all available communities.

6. Click the Actions button for the community, and choose Assign Members from the menu.

   All the current Users, Organizations, and User Groups are listed in their respective tabs.

7. Click the Available tab under Users tab to list all available users.

8. Select each of the users whom you want to assign as members.

9. Click the Update Associations button to assign selected users as members.

10. Click the Current tab to view the current members, which include the members you just assigned to the community.

Organizations

Organizations are hierarchical collections of Users. They are one of the two types of portal resources that can have pages. A special type of Organization called Location defines where users are specifically located.

The two kinds of Organizations are:

• Regular - Can have suborganizations

• Location - Is not allowed to have suborganizations.

Let us consider the example of creating an organization called Admin Organization and a Suborganization called Admin Location. This section explains the method of defining an organization and creating users under organization.

To Create an Organization

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Organizations from the Welcome menu.

   All the existing organizations are listed.

3. Click Add.

4. Provide a name and type for the organization.

   For an organization of type Location, also specify the Country and Region.

5. Click Save.

   You can specify other attributes such as, address, phone number, email ID, and web site.

To Create a Suborganization

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Organizations from the Welcome menu.

   All the existing organizations are listed.

3. Click Add.

4. Provide a name and type for the organization.

   For an organization of type Location, also specify the Country and Region.

5. Click Select to select a parent organization.

   The window that appears lists all the Organizations of type Regular.

   ---

   Note –

   You cannot create a Location Organization without assigning a parent Organization to it.

   ---

6. Select an organization to as the parent organization.

   The Organization being created becomes the suborganization of the parent Organization.

7. Click Save.

   ---

   Note –

   An alternative method for selecting a parent organization for an organization is by clicking the Actions button corresponding to an organization and choosing Add Regular Organization or Add Location from the menu. To select a Regular Organization as the parent organization, choose Add Regular Organization from the menu. If you want to select an organization of type Location as the parent organization, choose Add Location from the menu.

   ---

To Create Users under an Organization

Users can have “member of” association with an organization.

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Organizations from the Welcome menu.

   All the existing organizations are listed.

3. Click Actions button corresponding to an organization.

4. Choose Add User from the menu.

5. Type the name and other details for the user.

   By default, the user is assigned to the same organization. To change the organization for the user, or to assign the user to more organizations, click the Organizations link under User Information.

   • Click Select to select another organization for the user.

   • Click Remove corresponding to an organization to remove user from the organization.

6. Click Save.

   The user is created.

7. Update the User Information, Identification, and other details of the organization.

8. Click Save.

Users and User Roles

The three kinds of User Roles are:

• Regular

• Organization

• Community

To view user roles, navigate to Control Panel -> Portal -> Users from the Welcome menu, click the link for any user, and choose Roles under User Information.

Regular Roles

Guest, User, Power User, Owner, and Administrator are the different Regular roles. All the user with login access to Web Space Server are assigned the User role. This role differentiates between a Guest and a person who has a user ID in the portal. By default, all users are also assigned the Power User role. This role by default gives users their own personal pages (both public and private) where they can place portlets.

Organization Roles

You can assign Organization Administrator, Organization Member, and Organization Owner roles to users who are members of a organization.

Community Roles

You can assign Community Administrator, Community Member, Community Owner, Content Designer, Content Editor, and Content Publisher roles to users who are members of a community.

To Define User Roles

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Users from the Welcome menu.

3. Select a user from the list.

   Use the Regular Role, Community Roles, and Organization Roles tabs to assign Regular, Community, and Organization roles to the users.

4. Choose Roles under User Information.

   You can assign Regular roles for all users in addition to the default Regular roles. To be eligible for Organization or Community roles, the user need to be a member of a Web Space Server Organization or Community. You can also remove the roles assigned to a user here.

5. Choose Select under Regular Roles, Organization Roles, or Community Roles to assign more Regular, Organization, or Community roles respectively.

6. To remove an assigned role select Remove corresponding to the role.

7. Click Save.

Plugins

Plugins help in extending the functionality of an application. You can activate or deactivate plugins. You can also extend or restrict the accessibility of a plugin to different users by adding or removing roles to the plugin.

The admin user may access plugins and set permissions to allow or to restrict other users to access those plugins. For example, the Admin portlet has the Administrator role associated with it. This tole means that a user registered as an administrator can access the portlet.

To Access Plugins

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Plugins Configuration from the Welcome menu.

   Five tabs list different portlet categories: Portlet Plugins, Theme Plugins, Layout Template Plugins, Hook Plugins, and Web Plugins.

To Change Plugin Permissions

1. Log in to Web Space Server as the admin user.

2. Navigate to Control Panel -> Portal -> Plugins Configuration from the Welcome menu.

   Five tabs list portlets of four different categories: Portlet Plugins, Theme Plugins, Layout Template Plugins, Hook Plugins, and Web Plugins.

3. Click the link for any portlet.

   For example, click the Activities portlet.

4. To change the user access permissions for the portlet, or remove roles.

   For example, If the portlet has Power User role, all the users who have this role can access the portlet.

5. Activate or deactivate the portlet with the Active option.

6. Click Save.