This chapter provides a high-level overview of administrative roles.
The purpose of this chapter is to assist in developing a plan to assign administrative responsibility for managing portal objects.
What users read, select, and modify in the portal is controlled by access control lists and activity rights.
An access control list (ACL) is a list of privileges associated with each folder or object in the portal. You can add users and groups to the ACL of an object in order to grant permission to perform certain tasks, such as viewing or modifying the object.
For details on using ACLs in the portal, see the Administrator Guide for Oracle WebCenter Interaction.
You can associate activity rights with users and groups to allow users to perform specific tasks within the portal. For example, the Access Administration activity right allows a user to see the Administration tab in the portal and to access the administrative object hierarchy. There are a number of activity rights built into the portal. You can also create custom activity rights.
For more information on activity rights, including a full list of activity rights built into the portal, see the Administrator Guide for Oracle WebCenter Interaction.
When creating a group hierarchy, begin with the users with the least rights and work towards the most powerful users. A group inherits the rights of its parent group, so the broadest groups with the least rights should be parent to more specific groups with greater rights.
For example, the engineering department creates an Engineer group (for all members of the department). The QA subset of the engineering department requires special access to certain bug tracking software, so a QA group should be created with the Engineer group as a parent. Administrative tasks on the bug tracking software are restricted to QA managers, so a group inheriting from the QA group is created for QA managers.
The Everyone group is the parent of all groups. All members of the Everyone group have the right to read and access their own profile.
The Administrator group is a child of all groups and has access to everything.
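The inheritance rule above can be checked on paper before any groups are created. The following is an added example, not code from the product or its documentation: a stand-alone Python model of the Engineer / QA / QA Managers hierarchy that computes each group's effective rights and reports groups that would inherit a right they were not meant to hold. It calls no Oracle WebCenter Interaction API; every right name other than Access Administration is constructed for illustration.

```python
# Added example: stand-alone model of parent-to-child rights inheritance.
# Assumption: rights are modeled as plain strings; no portal API is used.

# Each group mapped to its parent groups (hierarchy from the example in the text).
PARENTS = {
    "Everyone": [],
    "Engineer": ["Everyone"],
    "QA": ["Engineer"],
    "QA Managers": ["QA"],
    # The Administrator group is a child of all groups.
    "Administrator": ["Everyone", "Engineer", "QA", "QA Managers"],
}

# Rights granted directly on each group. Only "Access Administration" is
# named in the text; the other right names are constructed sample values.
DIRECT = {
    "Everyone": {"Read Own Profile"},
    "Engineer": set(),
    "QA": {"Use Bug Tracker"},
    "QA Managers": {"Administer Bug Tracker"},
    "Administrator": {"Access Administration"},
}


def effective_rights(group, parents, direct, _seen=None):
    """Direct rights of `group` plus everything inherited from its ancestors."""
    seen = set() if _seen is None else _seen
    if group in seen:  # already merged, or an accidental cycle in the plan
        return set()
    seen.add(group)
    rights = set(direct.get(group, ()))
    for parent in parents.get(group, ()):
        rights |= effective_rights(parent, parents, direct, seen)
    return rights


def holders(right, parents, direct):
    """Every group that ends up with `right`, directly or by inheritance."""
    return sorted(g for g in parents if right in effective_rights(g, parents, direct))


def overexposed(right, allowed, parents, direct):
    """Groups holding `right` that are not in the intended `allowed` set."""
    return [g for g in holders(right, parents, direct) if g not in allowed]


if __name__ == "__main__":
    allowed = {"QA Managers", "Administrator"}
    print(overexposed("Administer Bug Tracker", allowed, PARENTS, DIRECT))
```

With the rights placed as the text recommends, the check returns an empty list; granting the same right on a broad parent such as Engineer makes every descendant appear in the result.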
The following table provides suggested activity rights for common roles found in an Oracle WebCenter deployment:
The Administrative Object Directory is a hierarchical folder structure that stores administrative objects.
Administrative objects include such objects as content services, portlets, and users. Each folder groups objects by object type. Each object’s permissions default to the ACL of the folder.
For details on the Administrative Object Directory, see the Administrator Guide for Oracle WebCenter Interaction.
The following guidelines can assist you in planning an administrative object hierarchy:
Start by creating the hierarchy for communities and portlets (including portlet bundles) only and hide the administrative objects created during installation. For example, move all objects meant for administrators to a particular folder and restrict access to the folder so that end-users will not see it if they browse the hierarchy.
The organization of the objects meant for administrators should be based on administrative structure or topic.
Creating a staging system for development and testing allows the Oracle WebCenter administrator to test object security. For information on object migration, see Migration and Staging.