17.6 Securing Tabs

You can secure a tab by granting privileges on it or by locking its regions. Region locking is described in Section 17.8, "Locking Regions". To grant privileges on a tab, you must have at least the tab privilege Manage on the tab. Use tab privileges to control who can access a tab, add content to it, manage the style that is applied to it, or personalize their own view of the tab.

Use tab access privileges to grant a greater level of access to a tab than users or groups may have on the page that hosts the tab. For example, a user may have the page privilege View on a page but the tab privilege Manage on a tab on the page. The user can merely view the page, but can add content, grant access, and perform any other management task on the tab. You cannot use tab access privileges to grant a lesser level of access to a tab that users or groups have on the page that hosts the tab. A user's page or page group level privileges always override privileges at the tab level.

To grant privileges on a tab:

  1. Log in to Oracle Portal.

  2. Go to the page that contains the tab on which to grant access privileges.

    For information on how to locate a page, see Section 8.1, "Locating Pages in Oracle Portal".

  3. Switch to Edit mode.

  4. Click the Edit Tab icon on the tab on which to grant access privileges (Figure 17-2).

    Figure 17-2 The Edit Tab icon

    Edit Tab icon

    Be sure to click the Edit Tab icon on the tab flap and not the one beside the flap.

  5. Click the Access tab to bring it forward.

  6. Under Access Setting, select a means of specifying tab access; choose from:

    • Inherit Access Settings from the Template—This option displays when the page hosting the tab is based on a template. This selection assigns the tab the same access privileges as are granted on the tab on the template on which this page is based.

      If you select this option, go to step 13.

    • Inherit Access Settings from Page <Page Name>—This selection assigns the tab the same access privileges as are specified for the tab's parent page or a sub-tab's parent (main) tab.

      If you select this option, go to step 13.

    • Specify Access Settings—This selection enables you to specify access settings for the tab. When you select this option, the Access Properties and Grant Access sections display on this page. If these sections do not automatically appear, click Apply.

      The rest of this procedure describes the steps you take when you select Specify Access Settings.

  7. Select or clear the Display Tab to Public Users check box.

    • Select to allow all users, even those who are not logged in, to view this tab.

    • Clear to limit the display of this tab to authenticated users.

  8. Select or clear the Enable Item Level Security check box.

    • Select to enable privileged users to define access privileges on individual items on this tab. When item level security is enabled, a user must have at least the item privilege View on the item in order to view it.

    • Clear to prevent the setting of access privileges on items on this tab.

  9. Under Grant Access, click the Browse Users or Browse Groups icon to select a user or group on whom to grant access privileges on the tab.

    Note:

    Oracle Portal uses the Oracle Internet Directory for identity management, serving as the repository for users and groups. In the Oracle Internet Directory, groups are uniquely identified by their distinguished name (DN). Each group has a unique DN, though many groups can share a common name, in the same way that two people can share a common name, yet have completely different lineage (for example, John Smith and John Doe). When working within the portal, groups created from within that portal are displayed simply with their common names. However, when the portal references a group from some other location in the Oracle Internet Directory—such as a group from some other portal associated with the same Identity Management Infrastructure—the DN of the group is displayed to distinguish it from the portal's locally defined groups.

  10. Select a privilege from the associated drop-down list.

    Choose from:

    • Manage

    • Manage Content

    • Manage Style

    • Manage Items With Approval

      Approvals and notifications must be enabled for the page's page group for the page privilege Manage Items With Approval to display. For more information, see Section 5.4, "Setting Up Approvals".

    • Personalize Portlets (Full)

    • Personalize Portlets (Add-Only)

    • Personalize Portlets (Hide-Show)

    • Personalize (Style)

    • View

    All of these privileges are explained in detail in Appendix B, "Page Group Object Privileges".

  11. Click Add after defining each user or group's privilege.

    Though you cannot select multiple privileges to grant at one time, after you click Add, you can repeat the process, select the same user or group, and grant another privilege. In this way, you can grant a general privilege, such as View, to a group, then a higher-level privilege, such as Manage All, to a user who is also a member of the group.

  12. Once you have granted privileges, click the Clear Cache link.

    This will clear away any obsolete privileges on this tab that linger in the cache.

  13. Click OK to save your changes and return to the page.