Oracle Waveset 8.1.1 Deployment Guide

Setting Up Custom Task Authorization

Typically, you set authorization for custom tasks to restrict access to the task to a certain set of administrators.

Procedure: To Set Up Authorization

  1. Add a new authorization type (AuthType) to the repository for the task

  2. Create a new AdminGroup (capability) for the task

  3. Grant the new capability to one or more administrators

Step 1: Create an AuthType

The new authorization type you create should extend the existing TaskDefinition, TaskInstance, and TaskTemplate AuthTypes. To add the authorization type, edit the Authorization Types Configuration object in the repository and add a new authorization type element for your task.

Use the <AuthType> element to create a new authorization type. This element has one required property: name. The example below displays the correct syntax for an <AuthType> element.

After creating the authorization type, you must edit the Authorization Types Configuration object in the repository, and add the new <AuthType> element.

The following example shows how to add a custom task to move multiple users into a new organization.


Example 7–1 Moving Multiple Users into a New Organization


<Configuration name='AuthorizationTypes'>
   <Extension>
      <AuthTypes>
         <AuthType name='Move User' extends='TaskDefinition,TaskInstance,TaskTemplate'/>
      </AuthTypes>
   </Extension>
</Configuration>

Step 2: Create an AdminGroup

Next, create an AdminGroup that grants Right.VIEW for the newly created AuthType. To do this, you must create an XML file with the new administrator group, and then import it into the Waveset repository.


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Waveset>
   <AdminGroup name='Move User' protected='true' description='UI_ADMINGROUP_MOVE_USER_DESCRIPTION'
               displayName='UI_ADMINGROUP_MOVE_USER'>
      <Permissions>
         <Permission type='Move User' rights='View'/>
      </Permissions>
      <MemberObjectGroups>
         <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
      </MemberObjectGroups>
   </AdminGroup>
</Waveset>

The displayName and description attributes are message catalog keys. If a key is not found in a message catalog, the attribute value is displayed exactly as it appears in the attribute. If you use message catalog keys, you must add the messages to either WPMessages.properties or a custom message catalog.
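A pre-import consistency check for the two objects from Steps 1 and 2, as an added example that is not part of the Oracle guide. The function names are hypothetical, the rights attribute is assumed to be a comma-separated list, and only AuthTypes present in the supplied configuration are treated as defined.

```python
import xml.etree.ElementTree as ET

# Base types Step 1 says a custom task AuthType should extend.
REQUIRED_BASES = {"TaskDefinition", "TaskInstance", "TaskTemplate"}

# Constructed inputs mirroring the objects shown in Steps 1 and 2.
AUTH_TYPES_XML = """<Configuration name='AuthorizationTypes'>
  <Extension><AuthTypes>
    <AuthType name='Move User' extends='TaskDefinition,TaskInstance,TaskTemplate'/>
  </AuthTypes></Extension>
</Configuration>"""
ADMIN_GROUP_XML = """<Waveset>
  <AdminGroup name='Move User' protected='true'>
    <Permissions><Permission type='Move User' rights='View'/></Permissions>
  </AdminGroup>
</Waveset>"""


def split_csv(value):
    """Split an attribute value on commas (assumed list syntax), dropping blanks."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}


def review(config_xml, admin_group_xml, allowed_rights=frozenset({"View"})):
    """Return a list of findings; an empty list means the two objects agree."""
    findings = []
    types = {at.get("name"): split_csv(at.get("extends"))
             for at in ET.fromstring(config_xml).iter("AuthType")}
    for name, bases in types.items():
        missing = REQUIRED_BASES - bases
        if missing:
            findings.append(f"AuthType '{name}' does not extend {sorted(missing)}")
    for group in ET.fromstring(admin_group_xml).iter("AdminGroup"):
        gname = group.get("name")
        for perm in group.iter("Permission"):
            ptype = perm.get("type")
            # The Permission type must match an AuthType name from the configuration.
            if ptype not in types:
                findings.append(f"AdminGroup '{gname}' uses undefined AuthType '{ptype}'")
            # Anything beyond the rights Step 2 calls for is flagged for review.
            extra = split_csv(perm.get("rights")) - allowed_rights
            if extra:
                findings.append(f"AdminGroup '{gname}' grants {sorted(extra)} on '{ptype}'")
    return findings


if __name__ == "__main__":
    print(review(AUTH_TYPES_XML, ADMIN_GROUP_XML) or "consistent")
```

Running the check before importing the AdminGroup file catches a mismatched type name or an over-broad rights list while it is still a one-line fix in the XML.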

Step 3: Grant Capabilities to Administrators

Finally, you must grant administrators access to execute the newly defined task. You can accomplish this in one of two ways: