User Management Guide

User Management Overview

This guide describes the role of users in your portal application and provides instructions on adding and managing those users.

This chapter, which provides an overview of user management, includes the following sections:

• Overview of Users and Groups
• Overview of Group Hierarchy
• Overview of User Profiles and Property Sets
• Creating User Properties and Users
• Managing Anonymous and External Users

 

---

Overview of Users and Groups

WebLogic Portal supports management of two primary types of users: portal administrators and portal end users (visitors). An administrator uses the WebLogic Administration Portal to manage portal content and portal users, and to build portals with existing portal resources. A visitor is an end user of the portals assembled by portal administrators.

As an administrator of users, you can combine users into user groups to simplify management and administration of users. Groups allow you to create logical groupings of users for ease of organization, more easily finding users, and for setting up delegated administration and visitor entitlements. The ability to group users allows you to deal with large sets of users at one time.

A child group is a subset of a higher-level group (parent), and you can model your organizational hierarchy into a collection of groups and subgroups to whatever depth you need. This makes it easy for you to structure your users into groups and subgroups that look like your organization, making it easier for you to manage those users. For more information about groups and subgroups, see the Overview of Group Hierarchy.

Administrators with full user/group management rights can add, remove, move, and change user profile properties on the users and groups in the WebLogic Administration Portal. User properties, such as address, phone number, social security number, and so on, can be used in setting up personalization and defining rules for Delegated Administration and Visitor Entitlements. For more on user information, see the Overview of User Profiles and Property Sets.

Multiple Authentication Providers

WebLogic Portal lets you access more than one user database (authentication provider), letting you select users and groups from multiple databases. For information on using more than one authentication provider, see "Using Multiple Authentication Providers in Portal Development" in the WebLogic Workshop help system at http://download.oracle.com/docs/cd/E13226_01/workshop/docs81/doc/en/portal/security/securityMap.html.

 

---

Overview of Group Hierarchy

A group, also known as a user-group, is a named collection of users in the user management system. Groups provide a convenient way to refer to a related group of users, such as a department, team, or regional office.

Because groups can belong to other groups, they provide a way to easily sub-classify users with a group hierarchy tailored to fit your needs.

For example, you might have a top-level group called AllEmployees that contains all of the employees in your company. The AllEmployees group might then contain other groups, each of which contains just the employees of offices in various geographic locations:

• AllEmployees (group containing all employees)
• NewYork (group containing just employees in New York)
• Executive
• Marketing
• Sales
• Custodial
• SanFrancisco (group containing just employees in San Francisco)
• Seattle (group containing just employees in Seattle)
• Denver (group containing just employees in Denver)

 

---

Overview of User Profiles and Property Sets

A user profile is a schema that determines which data you collect and store about a user. Similarly, a group profile is a schema that determines which data you collect and store about a specific group of users. Each piece of data in a user profile is called a user property. A user profile is the entire collection of user property values for a user from all available user property sets.

User properties can range from statically-defined properties, such as a user's Social Security number, to dynamically-created and persisted properties, such as Web-site tracking information for a particular user, or user preferences entered from a standard input screen.

User profiles use property sets to organize the properties that they contain. A property set is a convenient way to give a name to a group of properties for a specific purpose.

A property set type establishes a set of expectations for how a property set is used. For example, a property set for users called "personal" could contain such properties as age, gender, marital status, and social security number. Another property set called "preferences" could contain such properties as hobby, favorite color, and news preference.

User profiles are a key component in Interaction Management. When users log in to a portal, the portal knows all their property values and can target them with personalized content, e-mails, and discounts based on the personalization rules you set up.

Security and User Profiles

User profiles are a key component in portal security. When you use visitor entitlements to limit end user access to portal resources (desktops, books, pages, portlets, and other resources), the visitor entitlements can be defined with user properties. For example, you could create an visitor entitlement role called "manager" that says, "If a user who logs in has an "employee_type" property with a value of "manager," that user belongs to the "manager" role. You could then select a portlet and set its visitor entitlement to the "manager" role. Then, when a manager logs in, the manager sees the portlet. If a non-manager logs in, the person does not see the portlet.

User profiles also play a role in setting up delegated administration. You can create delegated administration roles using, among other things, user properties.

Note: When setting up visitor entitlements and delegated administration in the WebLogic Administration Portal, you will see the following option: "The user has specific characteristics." This is the option you use to select user profile properties in defining the visitor entitlement or delegated administration role.

For more information, see Visitor Entitlements and Delegated Administration in this guide.

 

---

Creating User Properties and Users

This section describes how to create the properties you want to make part of each user's profile, then describes different ways to add users to the system.

Creating User Profile Properties

To create properties that will be part of the profile for each user (and group), use the User Profile Property Designer in WebLogic Workshop. For more information, see "Creating User Profile Properties" in the WebLogic Workshop help system at http://download.oracle.com/docs/cd/E13226_01/workshop/docs81/doc/en/portal/buildportals/UserProfileProperties.html.

After you have deployed your portal application to production, any modifications you make to user profile properties in WebLogic Workshop, you must redeploy the EAR file to the production server. For detailed information on EAR deployment, see the Production Operations User Guide.

Creating Users

There are different ways of setting up or identifying users in your portals. You are likely to use many of these ways:

• Adding Users with the WebLogic Administration Portal
• Adding Users with the WebLogic Administration Console
• Letting Users Add Themselves

Adding Users with the WebLogic Administration Portal

You can add users and organize them into groups in your domain using the WebLogic Administration Portal.

To access the WebLogic Administration Portal:

On the production server: With the server running, enter the following URL in a browser: http://<server>:<port>/<portalApp>Admin. For example, http://localhost:7001/greatAppAdmin.

On your development server: You can use the same method as used on the production server, or you can use WebLogic Workshop. With your portal application open and the development server running, choose Portal --> Portal Administration.

Once in the WebLogic Administration Portal, select the "Users & Groups" tool to add users and groups.

For detailed instructions on adding users through the WebLogic Administration Portal, see the WebLogic Administration Portal help system's "Users and Groups" topics at http://download.oracle.com/docs/cd/E13218_01/wlp/docs81/adminportal/index.html#usersgroups.

Adding Users with the WebLogic Administration Console

You can add users and organize them into groups in your domain using the WebLogic Administration Console. Add users this way for convenience if you work frequently in the WebLogic Administration Console rather than in the WebLogic Administration Portal.

For instructions on creating users and groups, see Security in the WebLogic Administration Console help system documentation.

To access the WebLogic Administration Console:

On the production server: With the server running, enter the following URL in a browser: http://<server>:<port>/console. For example, http://localhost:7001/console.

On your development server: You can use the same method as used on the production server, or you can use WebLogic Workshop. With the development server running, choose Tools --> WebLogic Server --> WebLogic Console.

Once in the WebLogic Administration Console, go to Security --> Realms --> [your_realm] and select Users or Groups to add either.

Letting Users Add Themselves

You can build functionality into your portal application that lets users add themselves to the domain. Use any of the following features:

<ugm:createUser> - The WebLogic Workshop Portal Extensions <ugm:createUser> JSP tag lets you add users to the domain. See the WebLogic Workshop help system at http://download.oracle.com/docs/cd/E13226_01/workshop/docs81/doc/en/portal/taglib/www.bea.com/servers/p13n/tags/userGroupManagement/createUser.html.

User Provider Control - The Create User control lets you add user-creation functionality to Java Page Flows and surface that functionality in portlets. See the WebLogic Workshop help system at http://download.oracle.com/docs/cd/E13226_01/workshop/docs81/doc/en/portal/controls/portalcontrols/ctrlUserProvider.html.

WebLogic Portal API - The WebLogic Workshop Portal Extensions API provides user management classes for creating users. See the com.bea.p13n.controls.ejb.usermgmt.UserManager class in the WebLogic Portal Javadoc at http://download.oracle.com/docs/cd/E13218_01/wlp/docs81/javadoc.

 

---

Managing Anonymous and External Users

For information on working with anonymous users, see Anonymous Users in this guide.

For information on accessing user profile properties stored outside of WebLogic Portal, see Unified User Profiles in this guide.