Skip Headers
Oracle® Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces
11g Release 1 (11.1.1.7.0)

Part Number E10149-12
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

26 Securing Pages and Components

You are authorized to specify who can access any page on which you also have Edit Page permission. Among those you authorize to access the page, you can assign varying levels of access, so that some users can edit the page while others can merely view it. If you prefer, you can specify that the page inherits its access settings from the application.

You may want to open a page to many users, but limit the exposure of a particular page component to a specific user, a user group, or to users who are assigned a specific application role. You can accomplish this by associating a security-related EL expression with the component instance.

This chapter provides information about securing pages and page components. It includes the following sections:

Audience

This chapter is intended for space moderators and participants and for page editors with the create, edit, and delete permission on pages and on the services that provide the components to be secured. For more information about application roles and permissions, see Section 24.2, "Managing Application Roles and Permissions."

26.1 Setting Access on a Page Through Page Properties

Page properties include a Security tab with controls for specifying access permissions on the current page (Figure 26-1).

Figure 26-1 Home Space Page: Security Tab in Page Properties Dialog

Security tab in Page Properties dialog

The options that appear on the Security tab vary according to whether you are accessing the tab from a space page or a Home space page (Figure 26-1 shows the options for a Home space page).

When you set page security on a space page, you have the additional option of inheriting page access permissions from the application or setting custom page access permissions.

This section describes how to set page access through page properties. It is also possible to set page access through the Personalize Pages page, as discussed in Section 17.7, "Controlling User Access to a Page."

Note:

Page access permissions set through the Page Properties dialog in Composer are committed after you click OK in the Page Properties dialog. Closing Composer without saving does not discard such changes.

Page access permissions set through the Personalize Pages page take effect after you click OK in the Set Page Access dialog.

To access the Security tab in the Page Properties dialog:

  1. Go to the page you want to secure, and open it in Composer.

    See Also:

    To open a page in edit mode (Composer), press Ctrl+Shift+E.

  2. Click Page Properties (Figure 26-2).

    Figure 26-2 Page Properties Button in Page Edit Mode

    Page Properties button in page edit mode
    Description of "Figure 26-2 Page Properties Button in Page Edit Mode"

  3. In the Page Properties dialog, click the Security tab (Figure 26-3).

    Figure 26-3 Home Space Page: Security Tab in Page Properties Dialog

    Security tab in Page Properties dialog
    Description of "Figure 26-3 Home Space Page: Security Tab in Page Properties Dialog"

  4. Follow the general steps for setting page access in Section 17.7, "Controlling User Access to a Page", beginning with Step 3.

26.2 Setting Access on a Page Component

There may be pages you want to expose to many users that have components you want only a select set of users—or even only one other user—to see. For example, imagine that you have created a space for all sales people. The space's home page includes two Announcements task flow instances: one for all sales people and one for sales managers only. You can secure the second Announcements instance so that only those users assigned the custom role sales_manager can see it.

Any component that has an associated Show Component property can be secured in this way. Those components that do not have an associated Show Component property can be placed inside a component that does, and in this way be secured. For example, you can place an Announcements task flow, which does not have an associated Show Component property, inside a Box component, which does. You can set the property on the Box, and that setting will also affect the display of Announcements.

See Also:

You can also set security on the custom components that you import through the Resource Manager. For more information, see Section 11.4.4, "Setting Security for a Resource."

To set access on a component instance:

  1. Go to the component instance you want to secure and access its Display Options properties.

    See Also:

    For information about accessing component properties, see Section 18.6, "Modifying Page Components."

  2. Open the Expression Builder by clicking the Edit icon to the right of the Show Component property and selecting Expression Builder (Figure 26-4).

    Figure 26-4 Expression Builder Option Next to Show Component

    Expression Builder option next to Show Component
    Description of "Figure 26-4 Expression Builder Option Next to Show Component"

  3. Under Type a Value or Expression, enter one of the following EL expressions:

    • To expose a component only to members of a particular scope who are assigned a particular role in that scope, enter:

      #{WCSecurityContext.userInScopedRole['role']}
      

      where role is a role name, such as Moderator.

      The scope is implicitly resolved to be the current scope:

      • If you use this EL in the Home space, it resolves to Home space GUID and roles defined at the application level.

      • If you use this EL in a space scope, it resolves to roles defined for the space.

    • To expose a component only to members of a group, enter:

      #{WCSecurityContext.userInGroup['group_name']}
      

      In lieu of group_name, enter the name of the group, for example Administrators.

    • To expose a component only to a specific user, enter:

      #{WCSecurityContext.currentUser['user_name']}
      

      In lieu of user_name, enter the user name, for example jdoe.

    See Also:

    For more information about EL expressions, see Appendix B, "Expression Language (EL) Expressions." For information about EL expressions relevant to security, see Section B.4.3, "EL Expressions Relevant to Application Security."

  4. Click OK to exit the Expression Builder, and click OK to save your changes and exit the Component Properties dialog.

  5. Click Save and then Close to exit Composer.

    The secured component appears only to those users with the name, role, or group you specified.