Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter Collaboration 10g Release 3 (10.3.0.1) Part Number E12891-02 |
|
|
View PDF |
This chapter describes the security model used by Oracle WebCenter Collaboration. Oracle WebCenter Collaboration security is based on the use of roles and access levels. Additionally, activity rights are used to manage access to Oracle WebCenter Collaboration functionality. These concepts are described in the following sections.
Access to Oracle WebCenter Collaboration projects is set and managed through project roles. Roles control access levels and permissions for Oracle WebCenter Collaboration objects. Users are assigned to a project role, and the access level of the role determines the actions that the user can perform.
A portal user can access a project only when assigned a role in that project.
Oracle WebCenter Collaboration contains the following roles:
Table 3-1 Descriptions of Project Roles
Role assignments are project-specific, and the same portal user can have different roles in different projects. Additionally, under the same role, users can have different permissions in different projects, because the role itself can have one set of permissions in one project and a different set of permissions in another.
All Oracle WebCenter Collaboration objects have five levels of access that can be assigned to them. These access levels are:
Admin
Edit
Write
Read
No Access
Each access level includes the rights of all lower access levels.
Each role in a project has an associated access level for each object type. A user's access level to an object or functional area is determined by his or her assigned role in the project.
The following table shows what permissions each access level allows for each object type:
Table 3-2 Permissions Matrix
Read | Write | Edit | Admin | |
---|---|---|---|---|
Projects |
|
|
|
|
Events |
|
|
|
|
Tasks |
|
|
|
|
Document Folders |
|
|
|
Note: Users with Admin access to document folders cannot perform this task on document folders that are not moderated.
|
Document Files |
|
|
|
|
Discussions |
|
|
|
Note: Users with Admin access to discussions cannot perform this task on discussions that are not moderated.
|
Oracle WebCenter Collaboration provides default security settings for the Project Members and Project Guests roles that are automatically applied to a project when it is created. However, Project Leaders can change the default security settings for their individual projects. For more information, see Changing Default Permissions for Roles.
By default, all Oracle WebCenter Collaboration objects derive their security from the project security settings. Changes made to the project security settings apply immediately to all objects that are configured to inherit the default settings. These changes apply to the objects retroactively. Project Leaders can choose to disable this setting and configure security directly on an object. When this setting is disabled, an object retains its security setting regardless of the security settings of the rest of the functional area.
The access levels that can be assigned to Oracle WebCenter Collaboration objects are the same as those that can be set as the default security settings. Object-level security can be set for events, task lists, document folders, documents, and discussions.
To set security on an Oracle WebCenter Collaboration object:
Navigate to the object in the project application view.
Select the object in the table pane.
Click Edit Properties in the action bar.
Click the Security tab.
Clear the Inherit Default Security Settings check box.
Select the access level for Project Members and Project Guests.
Click Finish.
This section discusses:
A user who uploads a document, or other file, to a document folder is the owner of that file. By default, an owner has full control of the file and can perform all actions on the file.
Project leaders can remove default owner security settings from any file in the project. Additionally, users with Admin access to a file can remove default owner security settings from the file. You may want to remove owner security settings from a file if the owner is no longer participating in the project and consequently should not have high-level access privileges to the file.
To remove owner security settings from a file:
In the Documents application view page, select the check box of a file in the table pane.
From the Edit menu, select Properties.
The Property Editor appears.
Click the Security tab.
Select Permanently remove owner security settings from this document.
Click Finish.
By default, the contents of a folder -- including the contents of all of its subfolders -- are visible to Oracle WebCenter Collaboration content crawlers for importing into the Knowledge Directory. When a folder is inaccessible to content crawlers, its contents can still be manually published to the Knowledge Directory.
To set content crawler accessibility for a folder:
Select a project in the My Projects or Community Projects portlet.
Click the Documents tab in the application view.
Select the check box of a folder in the table pane.
From the Edit menu, select Properties.
Perform one of the following tasks:
To make the document folder accessible to content crawlers, select Accessible to Content Crawlers.
To make the document folder inaccessible to content crawlers, clear Accessible to Content Crawlers.
Click Finish.
This section discusses:
To manage the contents of a folder, you can assign a collection of users or a single user to moderate the folder. Folder moderators can approve or reject documents. Folder moderators with Admin access to the folder can edit documents before approving them. Documents in a moderated folder do not become publicly available unless approved by a moderator.
If a user has checked in changes to a document in a moderated folder, those changes are not visible until a moderator approves the changes. If a user has uploaded a document to a moderated folder, the document is not visible until a moderator approves the document.
When at least one moderator is set for a folder, that folder is marked as a moderated folder and anyone with Admin access to the folder can also act as a moderator.
When you assign moderators to a parent folder, all subfolders inherit the moderator list. If a subfolder of the parent folder already has a moderator list, the subfolder inherits changes made to the parent folder's moderator list. If all moderators are removed from a parent folder, the parent folder and all of its subfolders are no longer moderated.
When you add or remove a moderator from a folder, the moderator is subscribed to or unsubscribed from that folder.
To assign a moderator:
In the Documents application view page, right-click a folder in the navigation pane.
Click Edit Properties.
Make sure the Properties tab is selected in the Folder Editor.
Click Moderators.
In the Choose Users dialog box, select the project personnel whom you want to make moderators of this folder and click Finish.
In the Folder Editor, click Finish.
To manage the posting of messages in a discussion, you can assign a collection of users or a single user to moderate the discussion. Discussion moderators can approve or reject messages. Discussion moderators with Admin access to a discussion can edit messages before approving them. Messages posted in moderated discussions do not appear to users in the discussions unless approved by a moderator.
If a user has posted a message to a moderated discussion, that message is not visible until a moderator approves the message. If a user has edited a message in a moderated discussion, the changes is not visible until a moderator approves the change.
When at least one moderator is set for a discussion, that discussion is marked as a moderated discussion and anyone with Admin access to the discussion can also act as a moderator.
To assign a moderator to a discussion:
In the Discussions application view page, right-click a discussion in the navigation pane.
Click Edit.
Make sure the Properties tab is selected in the Folder Editor.
Click Moderators.
In the Choose Users dialog box, select the project personnel whom you want to make moderators of this folder and click Finish.
In the Folder Editor, click Finish.
Access to certain Oracle WebCenter Collaboration functionality is managed with portal activity rights. Collaboration Administrators who have been granted the Create Activities and Delegate Activities activity right can assign the Oracle WebCenter Collaboration activity rights to users.
Oracle WebCenter Collaboration uses the following activity rights to grant access to various functionality:
Table 3-3 Descriptions of Activity Rights
To grant an activity right to a user:
Log in to the portal.
Click the Administration tab.
From the Select Utility drop-down menu, select Activity Manager.
Click the activity right you want to edit.
Click Add Groups.
Select the group you want to add.
Click OK.
Click Finish.
For more information on using activity rights, see the Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter Interaction.