Oracle® Fusion Middleware Building Portals with Oracle WebCenter Portal
11g Release 1 (11.1.1.8.3)

Part Number E27603-05

29 Managing Roles and Permissions for a Portal

This chapter describes the out-of-the-box WebCenter Portal roles for working with portals, and how to establish security on a portal by modifying permissions on these roles, or creating and managing custom roles.

This chapter includes the following topics:

Permissions:

To perform this task, you must be a portal moderator or a portal member with the Manage Membership permission in the portal. Users with this permission can manage portal members and their role assignments.

For more information about permissions, see Section 29.1, "About Roles and Permissions for a Portal."

29.1 About Roles and Permissions for a Portal

Out-of-the-box, WebCenter Portal includes default roles and permissions:

29.1.1 Understanding the Default Roles for a Portal

Table 29-1 describes the default roles in a portal.

Note:

These default roles are always available for portals based on out-of-the-box portal templates. Portals based on user-defined templates may offer a different set of default roles. The default permissions assigned to the default roles are shown in Table 29-2.

Table 29-1 Default Roles for Portals

  • Moderator

    Description: The Moderator role is automatically assigned to the creator of a portal. This role is automatically granted the highest level of permissions, as shown in Table 29-2. The portal moderator or anyone with the portal Manage All permission can modify permissions as necessary and appropriate.
    Modify Permissions: Yes (except for Manage All)
    Delete Role: No

  • Participant

    Description: The Participant role is automatically granted the default permissions shown in Table 29-2.
    Modify Permissions: Yes
    Delete Role: Yes

  • Viewer

    Description: The Viewer role is automatically granted the default permissions shown in Table 29-2.
    Modify Permissions: Yes
    Delete Role: Yes

  • Authenticated-User

    Description: The Authenticated-User role is given to authenticated users of WebCenter Portal, with no access to portal information by default. Once logged in, users assigned this role always inherit any permissions granted to the Public-User role at the application level and in public portals. To grant access to a portal, additional permissions must be granted by the portal moderator or anyone with the portal Manage All permission (see Section 29.3, "Viewing and Editing Permissions of a Portal Role").
    Modify Permissions: Yes
    Delete Role: No

  • Public-User

    Description: Any user with access to WebCenter Portal who is not logged in assumes the Public-User role. Users with the Public-User role have no access to portal information by default. Such users are anonymous, unidentified, and portal permissions must be granted explicitly by the portal moderator or anyone with the portal Manage All permission (see Section 29.3, "Viewing and Editing Permissions of a Portal Role").
    Modify Permissions: Yes
    Delete Role: No


29.1.2 Understanding Permissions and Permission Models in a Portal

Members can perform actions within a portal as specified by the permissions assigned to their role.

When assigning permissions to roles, moderators can choose to assign standard permissions, or switch to advanced permissions:

  • Standard permissions:

    • Administration permissions allow a moderator to assign the Manage All, Manage Configuration, or Manage Membership permission to a selected role.

    • Basic Services permissions collectively control access to pages, lists, events, links and notes. With additional permissions granted on specific tools or services (such as Announcements, Discussions, or Documents in standard permissions), or others through advanced permissions (see Table 29-3), users can also create, edit, and delete associated task flows and portlets on a page in the portal. For example, working with documents in a portal requires the Documents permissions described in Table 29-3.

    • Announcements, Discussions, and Documents permissions allow a moderator to control access to announcements, discussions, and documents in the portal when these tools are enabled (see Section 39.2, "Enabling and Disabling Tools and Services Available to a Portal").

    • Assets permissions collectively control access to all resource types, including page templates, navigations, skins, resource catalogs, and so on.

    Table 29-2 lists the permission categories and permissions that are available with standard permissions.

  • Advanced permissions:

    Advanced Permissions provide a more granular set of permissions by replacing the collective set of Basic Services permissions with individual tools, services, and assets permissions.

    • Administration permissions allow a moderator to assign the Manage All, Manage Configuration, or Manage Membership permission to a selected role.

    • Separate categories allow a moderator to control the levels of access (for example, have full access by granting Create, Edit, and Delete permissions or some access by granting one or more of the following permissions: Create, Edit, Delete, or View) to the individual tools, services, and assets listed in Table 29-3.

    While advanced permissions give you more flexibility over role assignments, they can become complex to manage and maintain.

It is the portal template that determines the default permission model for a portal. Portals that are based on out-of-the-box portal templates adopt the standard permissions by default, but moderators can switch to advanced permissions if required. However, if you switch to using advanced permissions for a portal, you cannot revert to standard permissions. For more information, see Section 29.4, "Using Advanced Permissions."

Note:

Permissions do not inherit the privileges of "lesser" permissions. Therefore, be careful to assign the appropriate set of permissions to allow users to perform required actions. For example, whenever you assign the Create permission, select the View permission too.
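The check this note calls for, as an added example in Python (not Oracle code and not part of the original guide): it applies the "must be allowed to view" prerequisites from Table 29-2, the Manage All inclusion, and the Authenticated-User inheritance from Table 29-1 to a role-to-permission mapping. The mapping is a constructed sample transcribed by hand, the Content Editor role is hypothetical, and the view-only policy for the Public-User and Authenticated-User roles is an assumption of this example.

```python
# Added example: audit a hand-transcribed role-to-permission mapping against
# the rules this chapter states. No WebCenter Portal API is called.

# Table 29-2 rows that say "Users with this permission must be allowed to ...".
PREREQUISITES = {
    # Assumption: "allowed to view the portal" is read as View Pages and Content.
    "Manage Configuration": {"View Pages and Content"},
    "Create and Edit Announcements": {"View Announcements"},
    "Create and Edit Discussions": {"View Discussions"},
    "Reply To Discussions": {"View Discussions"},
    "Delete Documents": {"Create and Edit Documents", "View Documents"},
    "Create and Edit Documents": {"View Documents"},
}
# The one inclusion the table states explicitly.
INCLUDES = {"Manage All": {"Manage Configuration", "Manage Membership"}}
ADMIN = {"Manage All", "Manage Configuration", "Manage Membership"}
# Roles that cover anonymous visitors and every logged-in user.
BROAD_ROLES = {"Public-User", "Authenticated-User"}


def effective_permissions(roles):
    """Apply the two inheritance rules the chapter describes."""
    effective = {}
    for role, granted in roles.items():
        perms = set(granted)
        for perm in granted:
            perms |= INCLUDES.get(perm, set())
        effective[role] = perms
    # Authenticated-User always inherits whatever Public-User is granted.
    if "Authenticated-User" in effective:
        effective["Authenticated-User"] |= effective.get("Public-User", set())
    return effective


def audit(roles):
    """Return (role, finding, detail) tuples, sorted by role then permission."""
    findings = []
    effective = effective_permissions(roles)
    for role in sorted(effective):
        perms = effective[role]
        for perm in sorted(perms):
            # Permissions do not imply "lesser" ones, so match names exactly.
            for needed in sorted(PREREQUISITES.get(perm, set()) - perms):
                findings.append((role, "missing-prerequisite", f"{perm} needs {needed}"))
            if role in BROAD_ROLES:
                if perm in ADMIN:
                    findings.append((role, "admin-on-broad-role", perm))
                elif not perm.startswith("View "):
                    # Assumption (this example's policy): broad roles stay view-only.
                    findings.append((role, "non-view-on-broad-role", perm))
    return findings


# Constructed sample: default grants from Table 29-2 plus two deliberate mistakes.
SAMPLE_ROLES = {
    "Moderator": {
        "Manage All", "Edit Page Access, Structure, and Content",
        "View Pages and Content", "Create, Edit, and Delete Announcements",
        "Delete Documents", "Create and Edit Documents", "View Documents",
    },
    "Participant": {"Customize Pages and Edit Content", "View Pages and Content"},
    "Viewer": {"View Pages and Content"},
    "Authenticated-User": set(),
    # Mistake 1: anonymous users may reply but were never granted View Discussions.
    "Public-User": {"View Pages and Content", "Reply To Discussions"},
    # Mistake 2: hypothetical custom role created without View Documents.
    "Content Editor": {"View Pages and Content", "Create and Edit Documents"},
}

if __name__ == "__main__":
    for role, finding, detail in audit(SAMPLE_ROLES):
        print(f"{role:<20}{finding:<24}{detail}")
```

Because Authenticated-User inherits from Public-User, each Public-User finding is reported for both roles, which shows how far a single anonymous grant reaches.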

Table 29-2 Portal Permissions - Standard Permissions

Each entry gives a permission and its description, followed by the roles granted that permission by default where the table lists any.

Administration

  • Manage All - Enable access to all portal Administration pages, except Pages and Assets.
    • To access portal pages, page and asset permissions must be granted.
    • To access portal assets, asset permissions must be granted.
    Includes Manage Configuration and Manage Membership permissions.
    Roles granted by default: Moderator

  • Manage Configuration - Same as the Manage All permission but excludes security privileges. Users with this permission cannot access the Roles and Members pages.
    • To access portal pages, page and asset permissions must be granted.
    • To access portal assets, asset permissions must be granted.
    Users with this permission must be allowed to view the portal.

  • Manage Membership - Enables access to the Roles and Members pages in the portal administration settings. On these pages, users can create, edit, and delete members and roles for the portal.

Basic Services (Lists, Events, Links, and Notes)

  • Edit Page Access, Structure, and Content - Create and edit pages in the portal. With Edit Assets permission, also delete pages. Manage page access and edit page properties. Create, edit, and delete list data, events, links, and notes. With permissions on specific tools or services, also create, edit, and delete associated task flows and portlets. For example, working with documents in a portal requires Documents permissions.
    Specifically, users with this permission can perform the following operations on a portal page:
    • Lists - Create, edit, and delete list data.
    • Events - Create, edit, delete, and view events.
    • Links - Create and delete links.
    • Notes - Create, edit, delete, and view notes.
    Roles granted by default: Moderator

  • Edit Page Access and Structure - Manage page access and edit properties of pages in the portal. With permissions on specific tools or services (Table 29-3), also create, edit, and delete associated task flows and portlets. Create, edit, and delete list data, events, links, and notes.
    Roles granted by default: Moderator

  • Customize Pages and Edit Content - Customize personal view of pages in the portal. Add and remove list data, events, links, and notes.
    Roles granted by default: Moderator, Participant

  • View Pages and Content - View pages, lists, events, and notes. With permissions on specific tools or services (Table 29-3), view associated task flows and portlets.
    Roles granted by default: Moderator, Participant, Viewer, Public-User (in public portals)

Announcements (available when the Announcements tool is enabled)

  • Create, Edit, and Delete Announcements - Perform any operation on announcements associated with the portal.
    Roles granted by default: Moderator

  • Create and Edit Announcements - Create announcements. Edit and delete announcements that you create.
    Users with this permission must be allowed to view announcements.

  • View Announcements - View announcements in the portal.

Assets

  • Create, Edit, and Delete Assets - Create, edit, and delete assets owned by the portal, such as page templates, navigations, resource catalogs, skins, page styles, Content Presenter templates, task flow styles, task flows, and data controls.
    Roles granted by default: Moderator

  • Create Assets - Create new assets for the portal.

  • Edit Assets - Edit assets owned by the portal.

Discussions (available when the Discussions tool is enabled)

  • Create, Edit, and Delete Discussions - Perform any operation on discussions associated with the portal; create topics and replies. Edit and delete any topic or reply.
    Roles granted by default: Moderator

  • Create and Edit Discussions - Create topics and replies. Edit topics and replies that you create.
    Users with this permission must be allowed to view discussions.

  • Reply To Discussions - Reply to existing topics and edit replies that you create.
    Users with this permission must be allowed to view discussions.

  • View Discussions - View discussions.

Documents (available when the Documents tool is enabled)

See also Section 34.6.1, "Document Permissions Not Working in a Portal"

  • Administration - Configure document workflows and access control settings.
    For more information, see Chapter 34, "Working with Document Task Flows and Document Components."
    Roles granted by default: Moderator

  • Delete Documents - Delete any folder and any file in the portal. Users with this permission can also move folders and files.
    Users with this permission must be allowed to create and view folders and files.
    Roles granted by default: Moderator

  • Create and Edit Documents - Create files, wikis, blogs, and folders, and upload files. Edit and delete files, wikis, blogs, and folders that you create. Delete other files and folders if permissions allow.
    Users with this permission must be allowed to view folders and files.
    Roles granted by default: Moderator

  • View Documents - Browse files, folders, wikis, and blogs.
    Note: In a subportal, when you grant the View Documents permission to the Public-User role, the Authenticated-User role is also automatically granted the View Documents permission.
    Roles granted by default: Moderator

Table 29-3 Portal Permissions - Advanced Permissions

Each entry gives a permission and its description, followed by the roles granted that permission by default where the table lists any.

Administration

  • Manage All - Enable access to all portal administration pages, except Pages and Assets.
    • To access portal pages, page and asset permissions must be granted.
    • To access portal assets, asset permissions must be granted.
    Includes Manage Configuration and Manage Membership permissions.
    Roles granted by default: Moderator

  • Manage Configuration - Same as the Manage All permission but excludes security privileges. Users with this permission cannot access the Roles and Members pages.
    • To access portal pages, page and asset permissions must be granted.
    • To access portal assets, asset permissions must be granted.
    Users with this permission must be allowed to view the portal.

  • Manage Membership - Enables access to the Roles and Members pages in the portal administration settings. Through these pages, users can create, edit and delete members and roles for the portal.

Pages

  • Create, Edit, and Delete Pages - Create and edit pages in the portal. With Edit Assets permission, delete pages. Manage page access and edit page properties. Create, edit, and delete lists, events, links, and notes. With permissions on specific tools or services, also create, edit, and delete associated task flows and portlets.
    Roles granted by default: Moderator

  • Create Pages - Create pages in the portal.

  • Edit Pages - Edit page properties and content for any page in the portal.
    Roles granted by default: Moderator

  • Delete Pages - With Edit Assets permission, delete pages in the portal.

  • Customize Pages - Customize personal view of pages in the portal. Add and remove list content, events, links, and notes.
    Roles granted by default: Moderator, Participant

  • View Pages - View pages, lists, events, and notes. With permissions on specific tools or services, view associated task flows and portlets.
    Roles granted by default: Moderator, Participant, Viewer, Public-User (in public portals)

Announcements (available when the Announcements tool is enabled)

  • Create, Edit, and Delete Announcements - Perform any operation on announcements associated with the portal.
    Roles granted by default: Moderator

  • Create and Edit Announcements - Create announcements. Edit and delete announcements that you create.
    Users with this permission must be allowed to view announcements.

  • View Announcements - View announcements.

Content Presenter Templates

  • Create, Edit, and Delete Content Presenter Templates - Create, edit and delete Content Presenter display templates for the portal.

  • Create Content Presenter Templates - Create Content Presenter display templates for the portal.

  • Edit Content Presenter Templates - Edit portal-level Content Presenter display templates.
    For more information, see Chapter 26, "Working with Content Presenter Templates."

Data Controls

  • Create, Edit, and Delete Data Controls - Create, edit and delete data controls for the portal.

  • Create Data Controls - Create data controls for the portal.

  • Edit Data Controls - Edit portal-level data controls.
    For more information, see Section 28.2, "Working with Data Controls."

Discussions (available when the Discussions tool is enabled)

  • Create, Edit, and Delete Discussions - Perform any operation on discussions associated with the portal; create topics and replies. Edit and delete any topic or reply.
    Roles granted by default: Moderator

  • Create and Edit Discussions - Create topics and replies. Edit topics and replies that you create.
    Users with this permission must be allowed to view discussions.

  • Reply To Discussions - Reply to existing topics and edit replies that you create.
    Users with this permission must be allowed to view discussions.

  • View Discussions - View discussions.

Documents (available when the Documents tool is enabled)

See also Section 34.6.1, "Document Permissions Not Working in a Portal"

  • Administration - Configure document workflows and access control settings.
    For more information, see Chapter 34, "Working with Document Task Flows and Document Components."
    Roles granted by default: Moderator

  • Delete Documents - Delete any folder and any file in the portal. Users with this permission can also move folders and files.
    Users with this permission must be allowed to create and view folders and files.
    Roles granted by default: Moderator

  • Create and Edit Documents - Create files, wikis, blogs, and folders, and upload files. Edit and delete files, wikis, blogs, and folders that you create. Delete other files and folders if permissions allow.
    Users with this permission must be allowed to view folders and files.
    Roles granted by default: Moderator

  • View Documents - Browse files, folders, wikis, and blogs.
    Note: In a subportal, when you grant the View Documents permission to the Public-User role, the Authenticated-User role is also automatically granted the View Documents permission.
    Roles granted by default: Moderator

Events (available when the Events tool is enabled)

  • Create, Edit, and Delete Events - Create, edit and delete events for the portal.

  • Create Events - Create events.

  • Edit Events - Edit any event.

  • Delete Events - Delete any event.

  • View Events - View events.
    Roles granted by default: Moderator, Participant, Viewer, Public-User (in public portals)

Links

  • Create and Delete Links - Create and delete links between objects, and manage link permissions.

  • Create Links - Create links between objects.

  • Delete Links - Delete a link between two objects.

Lists (available when the Lists tool is enabled)

  • Create, Edit, and Delete Lists - Create, edit, and delete lists and list data.

  • Create Lists - Create lists.

  • Edit Lists - Edit list column definitions.

  • Delete Lists - Delete any list.

  • Edit List Data - Add, edit, and delete list data.

  • View Lists - View lists and list data.
    Roles granted by default: Moderator, Participant, Viewer, Public-User (in public portals)

Task Flow Styles

  • Create, Edit, and Delete Task Flow Styles - Create, edit and delete task flow styles for the portal.

  • Create Task Flow Styles - Create task flow styles for the portal.

  • Edit Task Flow Styles - Edit portal-level task flow styles.
    For more information, see Section 28.4, "Working with Task Flow Styles."

Navigations

  • Create, Edit, and Delete Navigations - Create, edit and delete navigations for the portal.

  • Create Navigations - Create navigations for the portal.

  • Edit Navigations - Edit portal-level navigations.
    For more information, see Chapter 22, "Working with Portal Navigation."
    Roles granted by default: Moderator

Notes

  • Create, Edit, and Delete Notes - Create, edit and delete notes for the portal.

  • Create Notes - Create notes for the portal.

  • Edit Notes - Edit portal-level notes.

  • Delete Notes - Delete notes in the portal.

  • View Notes - View notes in the portal.
    For more information, see Chapter 51, "Adding Personal Notes to a Portal."
    Roles granted by default: Moderator, Participant, Viewer, Public-User (in public portals)

Page Styles

  • Create, Edit, and Delete Page Styles - Create, edit and delete page styles for the portal.

  • Create Page Styles - Create page styles for the portal.

  • Edit Page Styles - Edit portal-level page styles.
    For more information, see Chapter 25, "Working with Page Styles."

Page Templates

  • Create, Edit, and Delete Page Templates - Create, edit and delete page templates for the portal.

  • Create Page Templates - Create page templates for the portal.

  • Edit Page Templates - Edit portal-level page templates.
    For more information, see Chapter 21, "Working with Page Templates."

Resource Catalogs

  • Create, Edit, and Delete Resource Catalogs - Create, edit and delete resource catalogs for the portal.

  • Create Resource Catalogs - Create resource catalogs for the portal.

  • Edit Resource Catalogs - Edit portal-level resource catalogs.
    For more information, see Chapter 23, "Working with Resource Catalogs."

Skins

  • Create, Edit, and Delete Skins - Create, edit and delete skins for the portal.

  • Create Skins - Create skins for the portal.

  • Edit Skins - Edit portal-level skins.
    For more information, see Chapter 24, "Working with Skins."

Task Flows

  • Create, Edit, and Delete Task Flows - Create, edit and delete task flows based on a task flow style for the portal.

  • Create Task Flows - Create task flows for the portal.

  • Edit Task Flows - Edit portal-level task flows.
    For more information, see Section 28.3, "Working with Task Flows."

29.1.3 Understanding Custom Roles in Portals

If the default roles do not meet the requirements of your portal, moderators can define custom roles that better suit portal members. See Section 29.2, "Defining Custom Roles for a Portal."

Alternatively, moderators can modify the permissions assigned to the default roles. See Section 29.3, "Viewing and Editing Permissions of a Portal Role."

29.2 Defining Custom Roles for a Portal

If the default roles provided by WebCenter Portal do not meet the needs of the portal, you can define custom roles to better suit the requirements of your members.

To create a new role for a portal:

  1. In the portal administration (see Section 7.1, "Accessing Portal Administration"), click Security in the left navigation pane, then click the Roles subtab (Figure 29-1).

    Tip:

    You can also navigate to this page using the direct URL provided in Section A.7, "Pretty URLs for Pages in a Specified Portal."

    Figure 29-1 Portal Administration: Roles Page

  2. To define a new role for this portal, click Create Role.

    The Create Role dialog opens (Figure 29-2).

    Figure 29-2 Creating a New Role for a Portal

  3. Enter a suitable Role Name. Names can contain alphanumeric characters, blank spaces, @, and underscores. Ensure that role names are self-descriptive to make it as obvious as possible which members should belong to which roles.

  4. Enter a Description for the role.

  5. Optionally, select a Role Template.

    The new role inherits permissions from the role template. You can modify these permissions in the next step. If you do not select a role template, the new role is created with no permissions.

    Choose Moderator to create a role that inherits full administrative privileges for the portal. Choose Viewer (if available) to create a role starting with minimal, view-only privileges.

  6. Click OK.

    The new role appears as a column in the table on the Roles page.

  7. To modify permissions for the role, click Edit Permissions, and then select or deselect each permission check box. For details, see Section 29.3, "Viewing and Editing Permissions of a Portal Role."

    Take care to assign appropriate access rights when assigning permissions for new roles. Do not allow users to perform more actions than are necessary for the role but at the same time, try not to restrict them from activities they must perform.

29.3 Viewing and Editing Permissions of a Portal Role

If the permissions assigned to a user role do not meet the needs of the portal, or you want to change previously assigned permissions, you can modify the permissions to better suit your role requirements.

Note:

The Moderator role permission Manage All cannot be modified.

To change the permissions assigned to a role:

  1. In the portal administration (see Section 7.1, "Accessing Portal Administration"), click Security in the left navigation pane, then click the Roles subtab (Figure 29-3).

    Tip:

    You can also navigate to this page using the direct URL provided in Section A.7, "Pretty URLs for Pages in a Specified Portal."

    Figure 29-3 Portal Administration: Roles Page

  2. Select the role you want to change, then click Edit Permissions to open the Edit Permissions dialog for the selected role.

  3. In the Edit Permissions dialog, select or deselect the check boxes to enable or disable permissions for a role (Figure 29-4). See Table 29-2, "Portal Permissions - Standard Permissions".

    Note:

    Take care to assign appropriate access rights when assigning permissions for new roles. Do not allow users to perform more actions than are necessary for the role but at the same time, try not to inadvertently restrict them from activities they need to perform.

    Figure 29-4 Modifying Permissions for a Portal (Standard Permissions)

  4. Click Save.

New permissions are effective immediately.

Note:

For information about granting access to individual pages in a portal, refer to Section 13.15, "Setting Page Security."

29.4 Using Advanced Permissions

Advanced permissions are detailed permissions that give you more flexibility over role assignments, but can become complex to manage and maintain. For example, you can set create, edit, view, and delete permissions for individual tools and assets, rather than setting the same permission for all tools or all asset types.

If you switch to using advanced permissions, you cannot revert to standard permissions. For more information, see Section 29.1.2, "Understanding Permissions and Permission Models in a Portal."

To use advanced permissions:

  1. In the portal administration (see Section 7.1, "Accessing Portal Administration"), click Security in the left navigation pane, then click the Roles subtab (Figure 29-5).

    Tip:

    You can also navigate to this page using the direct URL provided in Section A.7, "Pretty URLs for Pages in a Specified Portal."

    Figure 29-5 Portal Administration: Roles Page

  2. Click Advanced Permissions.

    A warning message displays (Figure 29-6).

    Figure 29-6 Switching to Advanced Permissions

  3. Click OK to continue.

  4. In the Edit Permissions dialog, select or deselect the check boxes to enable or disable permissions for a role (Figure 29-7). See Table 29-3, "Portal Permissions - Advanced Permissions".

    Note:

    If you are working with a portal that was imported from a previous version of WebCenter Portal, you may see different permissions. Such permissions are only provided for migration purposes and do not apply to any new portals that you create with this release.

    Figure 29-7 Modifying Permissions for a Portal (Advanced Permissions)

  5. Click Save.

New permissions are effective immediately.

Note:

For more detailed information about granting access permissions to a portal, and to individual pages within a portal, refer to Section 4.4, "Granting Users Access to a Portal".

29.5 Deleting Roles in a Portal

When a role is no longer required, the portal moderator can remove it from the portal. This helps maintain a valid role list and prevents inappropriate role assignment.

To delete a role in a portal:

  1. In the portal administration (see Section 7.1, "Accessing Portal Administration"), click Security in the left navigation pane, then click the Roles subtab (Figure 29-8).

    Tip:

    You can also navigate to this page using the direct URL provided in Section A.7, "Pretty URLs for Pages in a Specified Portal."

    Figure 29-8 Portal Administration: Roles Page

  2. Select the role you want to delete, then click Remove Role.

    Note:

    The Moderator, Public-User, and Authenticated-User roles cannot be deleted.

  3. In the Delete Role confirmation dialog, click Delete to confirm that you want to delete the role.