> Administrator Guide > Managing Portal Users and Groups

Administrator Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Managing Portal Users and Groups

This chapter describes the portal conventions for user and group management and provides the steps you take to implement managed access to portal objects. It includes the following sections:

 

About Portal Roles, Groups, Users, and Profiles

In the portal, a role is not an object, rather a way of thinking about administrative responsibilities. For example, the Knowledge Directory manager role is not an object you define; it relates to administrative responsibilities for those who manage contents of the Knowledge Directory.

A group is an object you configure. A group contains other groups and users, as well as any activity rights assignment for group members. A group can have static membership and membership that changes dynamically based on properties of users' profiles or their memberships in other groups.

A user is an object that corresponds to a user account. You configure new users based on profile templates, known as default profiles. Profiles are objects you configure. They contain information about users, such as name, job title, and so forth.

Activity rights determine which portal objects a user can create and which portal utilities a user can execute to create or modify portal objects.

Access privileges determine which portal objects a user can browse or edit, which objects appear in search results, and which can be added to My Pages and Community pages.

You implement security for portal access and portal activities in a manner similar to implementing security for other network, domain, and system objects—by managing a hierarchy of the objects that determine access privileges and activity rights.

The default portal installation creates the following group, user, and profile objects, with default access privileges and activity rights.

Table 3-1 Installed Groups, Users, and Profiles
Group, User, or Profile
Default Access Privileges and Activity Rights
Administrator Group
All
Everyone Group
Read and Edit Own Profile access
Administrator
All
Default Profile
n/a
Guest Profile
n/a

As a portal administrator, one of your first tasks is to delegate and share the administrative role by defining the access privileges and activity rights for administrative groups, and then assigning to these groups the users and groups of users that are the basis for your deployment plan.

Caution: By default, you can log in to the administrative portal as Administrator with no password. If the default Administrator password has not yet been changed, you should do so as soon as possible. Make sure that you document the change and inform the appropriate portal administrators.

Before you begin the task of managing portal groups and users, familiarize yourself with your deployment plan. If you plan to leverage group configurations from an existing Active Directory or LDAP authentication source, you might proceed differently from an administrator who plans to manage portal groups using the default portal authentication source. For example, if you plan on using an LDAP authentication source, you might import users, groups, and profile information first and then proceed with configuration of role-based group rights assignments. If you plan to add users to your portal by invitation and manage them through the portal authentication source, you might create the groups first and then add the invited users to these groups.

For detailed information on developing a plan to manage the administrative roles, groups, and users for your enterprise portal, refer to the Deployment Guide for BEA AquaLogic User Interaction G6.

The topics in this chapter describe the following basic steps you take to add users and to manage user access privileges and activity rights:

  1. Develop a plan to delegate portal administrative roles.
  2. Configure role-based groups and associate them with activity rights.
  3. Configure default profiles for user account types.
  4. Add groups and users to these groups.
  5. Configure Access Control Lists (ACLs) for access privileges in the Administrative Object directory.

 

Delegating Activity Rights

Before you create portal groups, you should become familiar with the definition and scope of the administrative tasks you plan to delegate, and you should develop a plan for assigning the responsibilities and rights for these administrative roles to groups of users. In terms of portal objects, roles are not objects that you configure. Roles are associations between groups and activity rights. In Configuring Groups, you configure group objects to enable administrative roles. In Adding Users, you add child groups and users to the groups. This section describes the activity rights that are defined by default during installation. Use the information provided in this section to develop your plan to delegate specific activity rights to the administrative groups and users you configure in the sections that follow.

Table 3-2 summarizes the activity rights that are defined by default in the portal. If you encounter cases that require rights not covered by the defaults, you can create custom activity rights. For information on creating custom activity rights, see Creating Custom Activity Rights.

Table 3-2 also provides an example map between activity rights and administrative roles. Roles are related to the specific activity rights required to perform a job function. In the example, the role called Content Manager provides the activity rights required to populate the portal with document records crawled from remote content sources: Access Administration, Access Utilities, Create Admin Folders, Create Content Types, Create Content Crawlers, Create Content Sources, and Create Jobs. A separate role called Knowledge Directory Manager provides the activity rights required to create Knowledge Directory structure: Access Smart Sort, Access Unclassified Documents, Access Utilities, Advanced Document Submission, Create Filters, Create Folders, Edit Knowledge Directory, and Self-Selected Experts. Although some users might fill both roles, others might not. By creating two separate roles, you can assign rights for one or both roles to one or many groups.

Table 3-2 Mapping a Relationship Between Rights and Roles
Activity Rights
Example Roles
Portal Manager
Content Manager
Knowledge Directory Manager
Access Administration
Allows users to see the Administration tab and access the administrative object hierarchy.
x
x
 
Access Experience Rules Manager
Allows users to access the Experience Rules Manager administrative interface.
x
   
Access Search Results Manager
Allows users to access the Search Results Manager administrative interface.
x
   
Access Smart Sort
(Create Taxonomists)
Allows users to create new smart-sort.
x
 
x
Access Unclassified Documents
Allows users to see the Unclassified Documents folder in Edit mode of the Knowledge Directory.
x
 
x
Access User Profile Manager
Allows users to access the User Profile Manager.
x
   
Access Utilities
Allows users to see the Select Utility drop-down list in Administration. Users can also access the Approve Directory Content and Object Migration utilities, but need additional rights to access other utilities.
x
x
x
Advanced Document Submission
Allows users to specify advanced options when submitting a document to the Knowledge Directory.
x
 
x
Create Activities
Allows users to create new portal activities. A user must have this right to use the Activity Manager utility.
x
   
Create Admin Folders
Allows users to create new administrative folders.
x
x
 
Create Authentication Sources
Allows users to create new authentication sources.
x
   
Create Communities
Allows users to create new communities and subcommunities.
x
   
Create Community Infrastructure
Allows users to create new community templates and page templates.
x
   
Create Content Crawlers
Allows users to create new content crawlers.
x
x
 
Create Content Sources
Allows users to create new content sources.
x
x
 
Create Content Types
Allows users to create new content types.
x
x
 
Create Experience Definitions
Allows users to create new experience definitions.
x
   
Create External Operation
Allows users to create new external operations.
x
   
Create Federated Searches
Allows users to create new incoming and outgoing federated searches.
x
   
Create Filters
Allows users to create new filters.
x
 
x
Create Folders
Allows users to create new Knowledge Directory folders.
x
x
x
Create Groups
Allows users to create new groups.
x
   
Create Invitations
Allows users to create new invitations.
x
   
Create Jobs
Allows users to create new jobs.
x
x
 
Create Portlets
Allows users to create new portlets.
x
   
Create Profile Sources
Allows users to create new profile sources.
x
   
Create Properties
Allows users to create new properties.
x
x
 
Create Snapshot Queries
Allows users to create new snapshot queries and corresponding results portlet.
x
x
 
Create Users
Allows users to create new users and profiles.
x
   
Create Web Service Infrastructure
Allows users to create new remote servers, Web services, portlet templates, and portlet bundles.
x
x
 
Delegate Rights
Allows users to delegate activity rights to other users. Users can delegate only activities to which they have rights themselves.
x
x
x
Edit Knowledge Directory
Allows users to enter Edit mode in the Knowledge Directory.
x
 
x
Edit Own Profile
Allows users to modify the values of their own user profiles.
x
   
Edit Profile Layout
Allows users to modify the Profile sections in the User Profile Manager.
x
   
Self-Selected Experts
Allows users to specify themselves as experts on Knowledge Directory folders.
x
 
x

Use Table 3-2 to create your own map that delegates administrative rights and responsibilities to roles.

Creating Custom Activity Rights

You can also create custom portal activities. For example, if you have an inventory control system accessed through the portal and only certain users are allowed to edit it, you can create an Edit Inventories activity. You can then create inventory-control portlets that verify whether a user has the correct activity right prior to receiving access to the portlet.

To create, modify, or delete custom portal activity rights:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Activity Manager.
  3. Manage the activity rights as described in the online help, and click Finish.

 

Configuring Groups

This section provides procedures for creating the portal groups to which you grant role-specific activity rights. Before you perform the task of creating portal groups, make sure you have created a plan to share portal administration responsibilities, following the guidelines in the Deployment Guide for BEA AquaLogic User Interaction G6 and the overview of roles, groups, and users in About Portal Roles, Groups, Users, and Profiles.

If you plan to import users and groups from an existing authentication source, such as LDAP or Active Directory, you might want to import them first and then follow the procedures in this section to add users to groups. For information on importing users and groups from an authentication source, see Importing Users and Groups from Authentication Sources.

To create a group:

  1. Click Administration.
  2. From the Create Objects drop-down list, choose Administrative Folder and create a folder to store the groups you will create. For example, you might want to name the folder Roles.
  3. Open the folder you just created.
  4. From the Create Objects drop-down list, choose Group.
  5. Specify a name that describes the group, such as Content Managers.
  6. If you have already imported or created the users for this group, add them as described in the online help. Otherwise, you can assign group membership when you import or create the users.
  7. Click Finish.

Configuring Dynamic Group Membership

You may want to have users automatically added to, or removed from, groups based on properties in their user profiles. For example, you may want to give users access to a community based on their location, title, department, or any other property in their profile. Because some properties can change frequently, you can set up dynamic group membership rules so that when selected properties change, users are automatically added to, or removed from, a group.

To create dynamic group membership rules:

  1. Click Administration.
  2. Open the Group Editor:
    • To edit an existing group, navigate to the group and click the group name.
    • To create a new group, navigate to an existing administrative folder or create a new one in which to store the group. In the Create Object drop-down list, click Group.
  3. On the left, under Edit Object Settings, click Dynamic Membership Rules.
  4. Set up rules as described in the online help, and click Finish.

If you add or change dynamic membership rules for a group, dynamic members are updated for this group after you click Finish. Otherwise, dynamic memberships are updated for all groups as part of a job (the Dynamic Membership Update Agent). When user profile data changes, the resulting dynamic group membership changes are updated as part of this job. For more information, see About Jobs.

 

Configuring Default User Profiles

Default profiles are templates for new users. Default profiles configure the initial My Account settings, the name and number of My Pages, and the layout of the portlets on those My Pages.

Before you add users to your portal, configure the default profiles you want to apply to the users you will add. For example, if all technical writers should have certain mandatory portlets on their default My Pages, configure a default profile for this purpose and apply the profile to these users when you add them.

Create multiple profiles to apply to the different types of users you anticipate.

To configure default profiles:

  1. Click Administration.
  2. In the Select Utility drop-down list, select Default Profiles.
  3. In the Create Object drop-down list, select User.
  4. Enter a name for the default profile, and click Finish.

To edit the layout of a default profile:

  1. Click Administration.
  2. In the Select Utility drop-down list, select Default Profiles.
  3. Select the profile that you want to customize. You can only edit the layout of one profile at a time.
  4. Click Edit Profile Layout.
  5. Specify My Account settings, create My Pages, and change the My Pages' layouts.
  6. Click Finish.

 

Adding Users

This section provides procedures for adding users to the portal. When you add users, you configure group memberships and apply a default profile. This section describes the following options for adding users to the portal:

Maintaining Groups, Users, and Profiles with Identity Services

This section provides procedures for adding the users and groups that are already defined in your enterprise in existing authentication sources, such as Active Directory, LDAP, or Windows domain sources. This section includes the following topics:

For information on installing AquaLogic Interaction Identity Services on a remote server host computer, refer to the product documentation provided with your software.

Importing Users and Groups from Authentication Sources

An authentication source enables you to import users, groups, and group memberships into the portal from an external authentication server. After you have imported the users, the authentication source authenticates portal logins.

If you plan to import users with an AquaLogic Interaction Identity Service, such as AquaLogic Interaction Identity Service - LDAP or AquaLogic Interaction Identity Service - Active Directory, follow the product documentation provided with that software instead of the procedures in this guide.

The following table describes the steps you take to import users, groups, and group memberships from a remote authentication server.

Table 3-3 Importing Users, Groups, and Group Memberships from an External Authentication Server
Basic Step
Procedure
Create a remote server.
  1. Click Administration.
  2. Navigate to an existing administrative folder or create a new one in which to store the portal objects needed for authentication.
  3. In the Create Object drop-down list, select Remote Server.
  4. Configure connection information for the remote server as described in the online help.
  5. Click Finish.
Create an authentication Web service.
  1. In the Create Object drop-down list, select Web Service - Authentication.
  2. Associate the Web service with the remote server you just created, and configure connection information for the Web service as described in the online help.
  3. Click Finish.
Configure an authentication source and associated synchronization job.
  1. In the Create Object drop-down list, select Authentication Source - Remote.
  2. In the Select Web Service dialog box, select the Web service you just created.
  3. Configure authentication and synchronization preferences, apply default profiles, and associate a synchronization job according to the online help.

    4. Before you can run the synchronization job, you must associate the folder that contains the job with an Automation Service. For information on associating folders with an Automation Service, see Automating Administrative Tasks.

  4. Click Finish.
Verify that the correct profiles were applied to users and that portal groups contain only the groups and users you specified when you configured the authentication source.
  1. Run the synchronization job.
  2. Navigate to the administrative folder that contains the users you imported.
  3. Click a user account that you are familiar with and verify the correct group and profile configuration has been applied.

Importing User Profiles from Profile Sources

A profile source enables the portal to use an external source to define user properties that can be searched by portal users, forwarded to portlets to authenticate portlet access, or for other purposes.

If you plan to import profile information with an AquaLogic Interaction Identity Service, such as AquaLogic Interaction Identity Service - LDAP, follow the product documentation provided with that software instead of the procedures in this guide.

The following table describes the steps you take to import user properties from an external source.

Table 3-4 Importing User Properties from an External Source
Basic Step
Procedure
Create a remote server.
  1. Click Administration.
  2. Navigate to an existing administrative folder or create a new one in which to store the portal objects needed for importing user profiles.
  3. In the Create Object drop-down list, select Remote Server.
  4. Configure connection information for the remote server as described in the online help.
  5. Click Finish.
Create a profile Web service.
  1. In the Create Object drop-down list, select Web Service - Profile.
  2. Associate the Web service with the remote server you just created, and configure connection information for the Web service as described in the online help.
  3. Click Finish.
Configure a profile source.
  1. In the Create Object drop-down list, select Profile Source - Remote.
  2. In the Select Web Service dialog box, select the Web service you just created.
  3. Map fields in the profile source to portal profile properties, and associate a job to import profile properties as described in the online help.

    4. Before you can run the job, you must associate the folder that contains the job with an Automation Service. For information on associating folders with an Automation Service, see Automating Administrative Tasks.

  4. Click Finish.
Verify that the profile properties you imported have been properly applied.
  1. Run the synchronization job.
  2. Navigate to the administrative folder that contains the users you imported.
  3. Click a user account that you are familiar with and verify the profile is configured as expected.

Creating Users

If your enterprise does not use third-party authentication sources, you can use a portal utility to create users. Users you create with the portal utility, users who self-register, and users added by invitation are included in the AquaLogic Interaction Authentication Source.

To create a user:

  1. Click Administration.
  2. Open an administrative folder.
  3. In the Create Object drop-down list, click User.
  4. Edit the Main Settings page as described in the online help.
  5. Click Finish.

Allowing Users to Create Their Own Accounts

The portal enables users to create their own accounts by clicking Create an Account on the Login page. These users are stored in the portal's Default Experience Definition folder and are are included in the AquaLogic Interaction Authentication Source.

Users who self-register are granted access privileges based on the settings for the default profile named Default Profile. Based on this security, users can personalize their views of the portal with My Pages, portlets, and community memberships, and can view portal content.

Adding Users with Invitations

Invitations allow you to direct potential users to your portal, making it easy for them to create their own user accounts and letting you customize their initial portal experiences with content that is of particular interest to them.

You should create a single invitation for all potential users who should be added to the same portal groups and should see the same communities, portlets, and My Pages when they first log in to your portal.

To accept the invitation, the user clicks the link included in the e-mail and follows the directions to create a new user to log in to the portal. When the user logs in, the portlets, content, and communities specified in the invitation are displayed to the new user.

Users added by invitation are included in the AquaLogic Interaction Authentication Source.

To create an invitation:

  1. Click Administration.
  2. Open an administrative folder.
  3. In the Create Object drop-down list, click Invitation.
  4. Configure the profile and group information for the invited user as described in the online help.
  5. Click Finish.

After creating an invitation, you need to send the invitation.

To send an invitation:

  1. Click Administration.
  2. Navigate to the invitation you want to send.
  3. Select the invitation you want to send and click Send Invitation.
  4. Click Create New Invitation Link.
  5. Specify the maximum number of times you want this link to be accessed and the date you want this link to expire.
  6. To generate the link, click Finish.
  7. To display the invitation link, click its name. Copy and paste the invitation link into an e-mail.
  8. To close the Invitation Link dialog box, click Finish.
  9. To close the Send Invitation Editor, click Finish.

 

Managing User Profiles and User Accounts

This section provides procedures for managing user profiles and user accounts. It includes the following topics:

Deleting Users

To delete a user:

  1. Click Administration.
  2. Navigate to the user.
  3. Select the user you want to delete and click .

To delete a user whose account is locked:

  1. Click Administration.
  2. In the Select Utilities drop-down list, click Release Disabled Logins.
  3. Select the user you want to delete and click .
  4. Click Finish.

Managing User Profiles

Profile information, such as name and job title, is stored with user objects as properties. You can use the User Profile Manager to specify which properties are sent to portlets when requested.

The values for specific properties are set either by the user on the Edit User Profile screen or by a profile source.

To specify which user properties are sent to portlets:

  1. Click Administration.
  2. In the Select Utility drop-down list, click User Profile Manager.
  3. Define how user profiles are displayed and which user properties are sent to portlets as described in the online help.
  4. Click Finish.

Auditing User Accounts and Actions

The portal logs user activities, which allows you to query for actions taken by particular users, actions taken on a particular administrative object, or actions taken within a specified time period.

Note: You should configure activity logging to adequately meet the security auditing needs of your portal deployment and then implement procedures for periodically reviewing the audit records.

Configuring User Activity Auditing

To configure user activity auditing:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Audit Manager.
  3. Complete the configuration according to the online help.
  4. Click Finish.

Archiving Audit Messages

The Audit Log Management agent moves audit messages from the portal database into a collection of archive files and deletes old archive files based on the settings you configure in the Audit Manager. The Audit Log Management agent runs in the Audit Log Management Job, created upon installation and stored in the Intrinsic Operations folder. By default, this job runs daily. For information on configuring the Audit Log Management agent, see Running Portal Agents.

Querying Audit Information

To query the database for audit entries:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Audit Manager.
  3. On the left, under Edit Utility Settings, click Create Audit Query.
  4. Define your query as described in the online help.
  5. Click Finish.

Deleting Audit Messages and Archives

When you configure user activity auditing, you can specify the frequency with which audit messages are deleted automatically.

To delete messages and archives immediately:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Audit Manager.
  3. Specify the messages and archives to delete as described in the online help.
  4. Click Finish.

Locking and Unlocking User Accounts

You lock user accounts to disable access to the portal. You can configure automatic locking based on repeated failed login attempts, or you can lock user accounts any time with the User Editor.

Automatically Locking User Accounts

To configure account locking for failed login attempts:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Portal Settings.
  3. On the User Settings Manager page, enable account locking and specify how long failed logins are tracked, the total number of failed logins required before an account will be locked, and the number of minutes for which automatically locked accounts remain locked.

    4. Your individual security needs will determine what settings to use for automatic account locking. For example, to meet a strength of password function rating of SOF-basic as defined in the Common Criteria for Information Technology Security Evaluation, Version 2.3, August 2005 (found at http://niap.bahialab.com/cc-scheme/cc_docs/), you might set the following values:

    • Minutes to track failed Logins: 60 minutes or more
    • Number of failed Login attempts allowed: 5 or fewer
    • Minutes to keep user account locked: 60 minutes or more
  4. Click Finish.

Manually Locking User Accounts

To lock a user account:

  1. Click Administration.
  2. Navigate to the user whose account you want to lock and click the user name.
  3. Select Disable Login.
  4. Click Finish.

Unlocking User Accounts

The lock on accounts that are locked automatically will eventually expire, but you can remove account locks with the Release Disabled Logins utility or the User Editor.

The following table describes how to unlock user accounts that have been locked in particular ways.

Table 3-5 Unlocking User Accounts 
Type of Lock
To remove the lock:
Admin Lock
A portal administrator locked the user account.
To remove a lock with the Release Disabled Logins utility:
  1. Click Administration.
  2. In the Select Utilities drop-down list, click Release Disabled Logins.
  3. Manage the lock as described in the online help.
  4. Click Finish.
To remove a lock with the User Editor:
  1. Click Administration.
  2. Navigate to the user whose account you want to unlock and click the user name.
  3. Clear the check box next to Disable Login.
  4. To immediately release the user account lock, click Finish.
Automatic Lock
If the user repeatedly types the wrong user name or password when logging into the portal, the portal locks the account. The number of login attempts allowed before the user is locked out is determined in the Portal Settings utility.
Locks on accounts that are locked automatically eventually expire.
Agent Lock
A user account might be locked if it is not found in the external authentication server during a synchronization job. This lock might be unexpected if the synchronization job did not find the user because the job failed.
Users can remove the lock by specifying the correct credentials the next time they log in.
To remove the locks for all affected users:
  1. Click Administration.
  2. Navigate to the authentication source and click its name.
  3. On the left, under Edit Object Settings, click Fully Synchronized Groups.
  4. Click Re-Enable Users. Unlocking these accounts may take a few minutes.
  5. Click Finish.

Managing User Credentials for Existing Applications

You can enable users to access existing Web applications through the portal. For example, users may need to access an employee benefits system. If they access the benefits system through the portal, they do not have to enter their login credentials separately for that application, and can continue to have the convenience of the portal context, personalization, and navigation.

To manage user credentials, you can create a lockbox for each application the user needs to access through the portal. Then, users enter their credentials for each lockbox in their My Account settings.

For more information on integrating applications, see Using Portlets to Access Existing Web Applications.

To create a lockbox:

  1. Click Administration.
  2. In the Select Utility drop-down list, click Credential Vault Manager.
  3. Click New Lockbox and create a lockbox as described in the online help.
  4. Click Finish to close the Credential Vault Manager.

To supply login credentials for lockboxes, users do the following:

  1. Click My Account.
  2. Click Password Manager.
  3. For each application listed (corresponding to a lockbox), enter the user name and password used to access that application.
  4. Click Finish.

 

Setting User Access Privileges

After you have imported users and groups into the portal, you can configure access control lists (ACL) to manage privileges to folders in the Administrative Objects Directory. You can also set access control lists for objects within folders. The default portal installation includes the following folders in the Administrative Objects Directory.

Table 3-6 Folders in the Administrative Objects Directory 
Folder
Default ACL
Administrative Resources
This folder contains the following objects created at installation: users, groups, the AquaLogic Interaction Authentication Source, the WWW content source, properties, content types, and federated search objects.
Administrators Group - Admin access
Everyone Group - Read access
Intrinsic Operations
This folder contains external operations and intrinsic jobs, such as Search Update, Document Refresh, and Weekly Housekeeping. The folder is registered with the primary Automation Service.
Administrators Group - Admin access
Portal Resources
This folder contains intrinsic portlets and Web services, as well as page, community, and portlet templates.
Administrators Group - Admin access
Everyone Group - Read privilege
Default Experience Definition
This folder contains the users associated with the default experience definition. Upon installation, one user is associated with the default experience definition—Administrator.
Administrators Group - Admin access
Everyone Group - Read access

Users in the Administrators group have full access to all portal objects. Other users can be assigned the following access privileges:

By default, newly created objects inherit the ACL configuration of their parent folder.

The following table describes the minimum access required to perform actions on an object.

Table 3-7 Access Requirements 
Action
Minimum Access Required on:
Object
Source Folder
Target Folder
View
Read
Read
n/a
Modify
Edit
Read
n/a
Create
n/a
Edit
n/a
Copy
Admin
Read
Edit
Move
Admin
Edit
Edit
Delete
Admin
Edit
n/a

The Everyone group always has Read access to the following types of portal objects:

To set the ACL on folders in the Administrative Objects Directory:

  1. Click Administration.
  2. Select the folder and click the Edit Subfolder button.
  3. On the left, under Edit Standard Settings, click Security.
  4. Edit the ACL by adding groups, users, and their privileges according to the online help.
  5. Click Finish.

By default, newly created objects inherit the ACL configuration of their parent folder. If subfolders require different configuration from their parent, modify the ACL for the subfolders as needed. You can also set the security on objects within a folder by editing the Security page in that object's editor.

 

Directing Users to Experience Definitions

Experience definitions define the user experience by controlling the branding, styles, navigation, and features of the portal pages the user sees. You can set up rules to evaluate which experience definition any given user should see. The rules can be based on the URL the user uses to access the portal, the user's IP address, the user's group memberships, or when the user navigates to a specific community. For more information, see Configuring Experience Definitions.


  Back to Top       Previous  Next