Deployment Planning Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Defining Administrative Roles

This chapter provides a high level overview of administrative roles.

The purpose of this chapter is to assist in developing a plan to assign administrative responsibility for managing portal objects.

 


Access Control Lists and Activity Rights

What users read, select, and modify in the portal is controlled by access control lists and activity rights.

Access Control Lists

An access control list (ACL) is a list of privileges associated with each folder or object in the portal. You can add users and groups to the ACL of an object in order to grant permission to perform certain tasks, such as viewing or modifying the object.

For details on using ACLs in the portal, see the Administrator Guide for Oracle WebCenter Interaction.

Activity Rights

You can associate activity rights with users and groups to allow users to perform specific tasks within the portal. For example, the Access Administration activity right allows a user to see the Administration tab in the portal and to access the administrative object hierarchy. There are a number of activity rights built into the portal. You can also create custom activity rights.

For more information on activity rights, including a full list of activity rights built into the portal, see the Administrator Guide for Oracle WebCenter Interaction.

 


Creating a Group Hierarchy

When creating a group hierarchy, begin with the users with the least rights and work towards the most powerful users. A group inherits the rights of its parent group, so the broadest groups with the least rights should be parent to more specific groups with greater rights.

For example, the engineering department creates an Engineer group (for all members of the department). The QA subset of the engineering department requires special access to certain bug tracking software, so a QA group should be created with the Engineer group as a parent. Administrative tasks on the bug tracking software is restricted to QA managers, so a group inheriting from the QA group is created for QA managers.

The Everyone group is the parent of all groups. All members of the Everyone group have the right to read and access their own profile.

The Administrator group is a child of all groups and has access to everything.

 


Assigning Activity Rights

The following table provides suggested activity rights for common roles found in an Oracle WebCenter deployment:

Role
Suggested Activity Rights
Content/Document Administrator
  • Access Administration – to access the administration hierarchy
  • Edit Knowledge Directory – to create new document folders
  • Create Content Services – to create new Content Services
  • Create Data Sources – to access secured documents
  • Create Document Types – to force metadata onto documents
  • Create Filters – to automatically manage folders
  • Create Jobs – to run jobs
  • Access Utilities – to approve documents
  • Access Smart Sort – to re-sort entire folders of already categorized documents
Community Creator
  • Access Administration
  • Create Communities – to create communities
  • Create Community Infrastructure – to create community and page templates
Portlet Creator
  • Access Administration
  • Create Portlets – to create portlets
  • Create Web Service Infrastructure – to create the remote server and web service to create truly custom portlets
Group/User Creator
  • Access Administration
  • Create Admin Folders – to make new admin folders to store users
  • Create Experience Definitions – to modify the user experience of users
  • Access Utilities – to create default profiles to apply initial layouts to users
  • Create Authentication Sources – to create authentication sources
  • Create Jobs
  • Create Profile Sources – to apply user information to synchronized users
  • Create Groups – to create groups
  • Create Users – to create users
  • Delegate Rights – to delegate rights to users (create activity groups)

 


Defining an Administrative Object Hierarchy

The Administrative Object Directory is a hierarchical folder structure that stores administrative objects.

Administrative objects include such objects as content services, portlets, and users. Each folder groups objects by object type. Each object’s permissions default to the ACL of the folder.

For details on the Administrative Object Directory, see the Administrator Guide for Oracle WebCenter Interaction.

The following guidelines can assist you in planning an administrative object hierarchy:

 


Managing Quality through Object Migration

Creating a staging system for development and testing allows the Oracle WebCenter administrator to test object security. For information on object migration, see Migration and Staging.


  Back to Top       Previous  Next