> Administrator Guide > Security

Administrator Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Security

You can control access to Studio data and portlets in two ways: by restricting access to the database and restricting access to the portlet. Access to Studio database tables is configured in the Studio Portlet Wizard; access to portlets is configured in the Portlet Editor.

This chapter includes the following sections:

 

Securing the Database Tables

You can control access to database tables by assigning appropriate privileges to different groups of users. For example, you might want to allow only project leaders to delete columns in the database. By default, every member in the Administrator group is given full access to the database, and everyone else is given read-only access to the database.

You can configure access privileges to a database table while you are creating a new portlet in the Studio Portlet Wizard, or you can change access privileges later through the Studio Database Wizard. You can launch the Studio Database Wizard when you click a database table name in the Studio Database Manager portlet.

For instructions on how you can access the Database Access Privileges page in the Studio Portlet Wizard, see Creating Portlets. For more information about editing the access privileges of database tables through the Studio Database Wizard, see Editing Database Tables.

Figure 7-1 Database Access Privileges Page in the Studio Portlet Wizard

Database Access Privileges Page in the Studio Portlet Wizard

Controlling Access

In the Database Access Privileges page of either the Studio Portlet Wizard or the Studio Database Wizard, specify the users and groups who can view, create, edit, and delete records in the database table associated with the portlet. The access privilege determines the level of portlet functionality available to each user. For example, users with the "Create New Records" access privilege can create records and submit them to the database.

To set the access privilege for a user or group of users, perform the following steps in the Database Access Privilege page:

  1. Click + Add Users or + Add Groups in the action bar. The User or Group dialog box displays.
  2. Expand the folders as necessary, then select the user or group for which you want to set access privileges.
  3. From the Access Privileges drop-down list, select the access privilege that you want to assign to the user or group.

    4. For more information on each access privilege, see Database Access Privileges.

  4. Click OK.

Denying Access

You can specify groups and users who cannot access the database.

Restricting Access to Specific Groups or Users

To prevent certain users or groups of users from accessing the database table, do the following in the Database Access Privilege page of the Studio Portlet Wizard or Studio Database Wizard:

  1. Under the groups section of the Database Access Privileges, select Everyone.
  2. Click Remove Groups.

    3. No one but administrators will be able to access the database table.

  3. Add the groups or users whom you want to be able to access the database table.

    4. Any group or user that you did not explicitly add in this page will not be able to access the database table.

Retracting Access Privileges

To retract access privileges from user or groups, do the following in the Database Access Privilege page of the Studio Portlet Wizard or Studio Database Wizard:

  1. Select the user or group that you no longer want to have access privileges to the database table.
  2. Click Remove Groups or Remove Users.

Database Access Privileges

The table below defines what activities a user or group of users can perform based on each access privilege:

Table 7-1 Database Access Privileges
 
Read Own Records
Read All Records
Create Records
Edit Own Records
Edit All Records
Delete Own Records
Delete All Records
Edit Database Structure
Read Only
X
X
           
Create New Records
X
X
X
         
Read and Write
X
X
X
X
X
     
Read, Write, and Delete
X
X
X
X
X
X
X
 
Read Own Only
X
             
Read and Write Own
X
 
X
X
       
Read, Write, and Delete Own
X
 
X
X
 
X
   
Full Access
X
X
X
X
X
X
X
X

 

Securing Portlets

You can control who can access portlets by assigning appropriate privileges to different groups of users. For example, you might want to allow only the management team to view the Sales Report portlet. By default, every member in the Administrator Group is given full access to the portlet.

You can configure the access privileges to a portlet after you save the portlet in the Portlet Editor.

Figure 7-2 Security Page in the Portlet Editor

Security Page in the Portlet Editor

To configure portlet security in the Portlet Editor:

  1. Log in to the portal as an administrator.
  2. Click Administration.
  3. Navigate to the folder that the portal administrator has created for storing Studio portlets.
  4. Click Portlet.
  5. Click the portlet whose security settings you want to set.

    6. The Portlet Editor displays.

  6. Under Edit Standard Settings, click Security.
  7. Configure security settings. For more information, see Controlling Access.
  8. When you are done configuring the security setting, click Finish in the Portlet Editor.

Controlling Access

In the Security page of the Portlet Editor, specify the users and groups who can access this portlet and what type of access they have. The access privilege determines the level of portlet functionality available to each user. For example, users with Select access privilege can add portlets to My Pages and community pages.

To allow additional groups to access the portlet:

  1. Click + Add Users/Groups in the action bar. The Choose User or Group dialog box displays.
  2. Select the user or group for which you want to set access privileges.
  3. Select whether or not you want the portlet to be mandatory for the user or group.

    4. If you mark this portlet as mandatory, it automatically appears in the user's default My Page. The user will not be able to remove the portlet. If you do not want the portlet to be mandatory, skip to the next step, otherwise:

    1. In the Mandatory drop-down list, select Mandatory.

      2. These users and groups will not be able to remove this portlet from their My Pages.

    2. Set the portlet priority in the Mandatory Portlet Priority drop-down list.

      3. The priority determines the portlet's placement on the My Page; portlets with higher priority display closer to the upper-left of the My Page than portlets with lower priority.

  4. Under the Privilege column, specify the type of access the user or group should have. Select the type of access in the drop-down list to the right of the user or group.

    5. For more information about the privileges and the rights they bestow to the user or group, see Portlet Privileges.

  5. Click Finish.

Retracting Access Privileges

To retract access privileges from user or groups, do the following in the Security page of the Studio Portlet Wizard:

  1. Select the user or group that you no longer want to have access to the portlet.
  2. Click Security Page in the Portlet Editor
  3. Click Finish.

Portlet Privileges

Portlet privileges bestow an increasing number of rights. Read access provides the least number of rights, while Admin access provides the most rights. Users or groups that are not added to the Security page of the Portlet Editor cannot access the portlet at all. They will not see the portlet even when they search for it.

The table below defines what activities a user or group of users can perform based on each access privilege:

Table 7-2 Portlet Privileges
 
See the Portlet
Add Portlet to Portal Pages
Modify Portlet
Delete Portlet
Change Security
Approve for Migration
Read
X
         
Select
X
X
       
Edit
X
X
X
     
Admin
X
X
X
X
X
X


  Back to Top       Previous  Next