Skip Headers
Oracle® Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces
11g Release 1 (11.1.1.6.0)

Part Number E10149-11
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

23 Securing Pages and Components

You are authorized to specify who can access any page on which you also have Edit Page permission. Among those you authorize to access the page, you can assign varying levels of access, so that some users can edit the page while others can merely view it. If you prefer, you can specify that the page inherits its access settings from the application.

You may want to open a page to many users, but limit the exposure of a particular page component to a specific user, a user group, or to users who are assigned a specific application role. You can accomplish this by associating a security-related EL expression with the component instance.

This chapter provides information about securing pages and page components. It includes the following sections:

Audience

This chapter is intended for space Moderators and Participants and for page editors with the create, edit, and delete permission on pages and on the services that provide the components to be secured. For more information about application roles and permissions, see Section 21.2, "Managing Application Roles and Permissions."

23.1 Setting Access on a Page

Page properties include a Security tab with controls for specifying who can do what to the current page (Figure 23-1).

Figure 23-1 Home Space Page: Security Tab in Page Properties Dialog

Security tab in Page Properties dialog

The options that appear on the Security tab vary according to whether you are accessing the tab from a space page or a Home space page (Figure 23-1 shows the options for a Home space page).

When you set page security on a space page, you have the additional option of inheriting page access permissions from the application or setting custom page access permissions.

This section describes how to set page access through page properties. It is also possible to set page access through the Personalize Pages page. Setting page access through the Personalize Pages page is discussed in Section 38.2, "Controlling User Access to Your Personal Pages."

Note:

Page access permissions set through the Page Properties dialog in Composer are committed after you click OK in the Page Properties dialog. Closing Composer without saving does not discard such changes.

Page access permissions set through the Personalize Pages page take effect after you click OK in the Set Page Access dialog.

To access the Security tab in the Page Properties dialog:

  1. Go to the page you want to secure, and open it in Composer.

    See Also:

    To open a page in edit mode (Composer), press Ctrl-Shift-E.

  2. Click the Page Properties button (Figure 23-2).

    Figure 23-2 Page Properties Button in Page Edit Mode

    Page Properties button in page edit mode
    Description of "Figure 23-2 Page Properties Button in Page Edit Mode"

  3. In the Page Properties dialog, click the Security tab to bring it forward (Figure 23-3).

    Figure 23-3 Home Space Page: Security Tab in Page Properties Dialog

    Security tab in Page Properties dialog
    Description of "Figure 23-3 Home Space Page: Security Tab in Page Properties Dialog"

  4. Space pages only:

  5. To grant page access permissions to all authenticated users, that is, to users who are logged in to the Spaces application, click Add Authenticated Access.

    The role authenticated-role is added under Role or User.

  6. To grant page access permissions to all public users, that is, users who have not logged in to the Spaces application, click Add Public Access.

    The role anonymous-role is added under Role or User.

    Note:

    To grant page access to the anonymous-role (that is, to enable users who are not logged in to access the space) the space must be public. The space cannot be private or hidden.

  7. To grant page access permissions to selected users, groups, and application roles, click the Add Access button to open the Add Access dialog (Figure 23-5).

    Figure 23-5 The Add Access Dialog

    Add Access dialog box
    Description of "Figure 23-5 The Add Access Dialog"

  8. In the Search field, enter a search term, such as the name of the user, group, or role for whom to enable access, and click the Search icon.

    Tip:

    Search terms must contain at least two characters.

  9. Select a user, group, or role by clicking in its row.

    Tip:

    When you select a user name, the permissions you set are granted to that specific user. When you select a group or application role, the permissions you set are granted to all users who are members of that group or who are assigned that role.

    To make multiple selections:

    • Ctrl-Click to select multiple rows.

    • Shift-Click to select a range of rows.

  10. Click Select.

    The Add Access dialog closes, and the Set Page Access dialog populates with the selected users (Figure 23-6).

    Figure 23-6 Populated Security Tab in Page Properties Dialog

    Populated Security tab in Page Properties dialog
    Description of "Figure 23-6 Populated Security Tab in Page Properties Dialog"

  11. For each user, group, or role, grant access by selecting one or more access permissions from the Page Access columns (Table 23-1).

    Table 23-1 Page Access Privileges in the Set Page Access Dialog

    Icon Name Description

    View Page icon

    View Page

    Users can access the page for viewing, but cannot perform any other actions on the page.

    Personalize Page icon

    Edit Page

    Users can edit the page using Composer. This includes adding, rearranging, and deleting content; renaming the page; and changing page properties.

    Delete Page icon

    Delete Page

    Users can delete the page.

    Manage Page icon

    Perform All Page Actions

    Users can perform all actions on the page.

    Edit Page icon

    Personalize Page

    Users can rearrange page content and personalize his or her view of task flows, provided the task flow includes personalization settings.


    Tip:

    By default, all authenticated users and user roles that you add to the Set Page Access dialog are granted page view access. The other access privileges require page view access.

  12. Click OK to save your changes and close the Set Page Access dialog.

23.2 Setting Access on a Page Component

There may be pages you want to expose to many users that have components you want only a select set of users—or even only one other user—to see. For example, imagine that you have created a space for all sales people. The space's home page includes two Announcements task flow instances: one for all sales people and one for sales managers only. You can secure the second Announcements instance so that only those users assigned the custom role sales_manager can see it.

Any component that has an associated Show Component property can be secured in this way. Those components that do not have an associated Show Component property can be placed inside a component that does, and in this way be secured. For example, you can place an Announcements task flow, which does not have an associated Show Component property, inside a Box layout component, which does. You can set the property on the Box, and that setting will also affect the display of Announcements.

See Also:

You can also set security on the custom components that you import through the Resource Manager. For more information, see Section 10.4.4, "Setting Security for a Resource."

To set access on a component instance:

  1. Go to the component instance you want to secure and access its Display Options properties.

    See Also:

    For information about accessing component properties, see Section 17.5.2, "Setting Properties on Page Components."

  2. Open the Expression Builder by clicking the Edit icon to the right of the Show Component property and selecting Expression Builder (Figure 23-7).

    Figure 23-7 Expression Builder Option Next to Show Component

    Expression Builder option next to Show Component
    Description of "Figure 23-7 Expression Builder Option Next to Show Component"

  3. Under Type a Value or Expression, enter one of the following EL expressions:

    • To expose a component only to members of a particular scope who are assigned a particular role in that scope, enter:

      #{WCSecurityContext.userInScopedRole['role']}
      

      In lieu of role, enter the role name, for example Moderator.

      The scope is implicitly resolved to be the current scope:

      • If you use this EL in the Home space, it resolves to Home space GUID and roles defined at the application level.

      • If you use this EL in a space scope, it resolves to roles defined for the space.

    • To expose a component only to members of a group, enter:

      #{WCSecurityContext.userInGroup['group_name']}
      

      In lieu of group_name, enter the name of the group, for example Administrators.

    • To expose a component only to a specific user, enter:

      #{WCSecurityContext.currentUser['user_name']}
      

      In lieu of user_name, enter the user name, for example jdoe.

    See Also:

    For more information about EL expressions, see Appendix B, "Expression Language Expressions." For information about EL expressions relevant to security, see Section B.4.3, "EL Expressions Relevant to Application Security."

  4. Click OK to exit the Expression Builder, and click OK to save your changes and exit the Component Properties dialog.

  5. Click Save and then Close to exit Composer.

    The secured component appears only to those users with the name, role, or group you specified.