Overview of Security

The fundamentals of portal security are user authentication and user authorization. Authentication means the correct user is granted access to a specified portal or to a specified private or restricted area. After the user has been authenticated, authorization means the correct user is granted access to the specified portal resource, now that the system recognizes the user. Some of the core components of authentication and authorization are Entitlements and Delegated Administration.

There are three different layers that portal security depends upon:

• User credentials
• Security policies
• Role policies

Other key factors in portal security are associating users with roles and groups and creating security policies that map the access of portal resources. In addition, user credential management, network security, and WebLogic Server security can affect portal security.

As an administrator, you should have a clear understanding of how Entitlements and Delegated Administration work. You should also be comfortable with role policies and security policies.

The WebLogic Administration Portal is a major factor in implementing security on top of WebLogic Server by provides the following functionality that can play a vital role in portal security:

• Creating users
• Creating groups
• Mapping users to groups and roles
• Creating Delegated Administration roles
• Mapping users to those roles
• Creating portals and portal resources
• Controlling user and administrator access to portal resources with Entitlements

Related Topics:

• Overview of Delegated Administration
• Overview of Visitor Entitlements
• Overview of Users and Groups