The following three roles can be created:
An end user role. A desktop tab JDC (Java Developer Connection) is created in the display profile of this role. When a user is assigned to this role, the JDC tab is displayed on the desktop.
A role administrator role. Users in this role can add and remove users from the JDC role.
A role administrator role. Users in this role can add and remove channels from the JDC tab of the JDC role.
The following three users can be created:
An end user who may be assigned to the JDC role.
A user administrator for the JDC role, who can add and remove users from the JDC role.
A tab administrator for the JDC role, who can add and remove channels from the JDC tab container defined in the display profile of the JDC role.
Load the following ACIs. To load, type ldapmodify -D "cn=directory manager" -w -f acis.ldif.
acis.ldif
dn: dc=sample,dc=siroe,dc=com
changetype: modify
# aci for JDCAdmin1 role
add: aci
aci: (target= "ldap:///ou=people,o=DeveloperSample,dc=red,dc=iplanet,dc=com") (targetattr = "*")(version 3.0; acl "Allow JDCAdmin1 Role to read and search users"; allow (read,search) roledn = "ldap:///cn=JDCAdmin1,o=DeveloperSample,dc=red,dc=iplanet,dc=com";)
-
add: aci
aci: (target="ldap:///dc=red,dc=iplanet,dc=com") (targetfilter="(entrydn=cn=JDC,o=DeveloperSample,dc=red,dc=iplanet,dc=com)")(targetattr="*")(version 3.0; acl "Allow JDCAdmin1 Role to read and search JDC Role";allow (read,search) roledn="ldap:///cn=JDCAdmin1,o=DeveloperSample,dc=red,dc=iplanet,dc=com";)
-
add: aci
aci: (target="ldap:///ou=people,o=DeveloperSample,dc=red,dc=iplanet,dc=com")(targetattr="nsroledn")(targetfilter="(!(|(nsroledn=cn=Top-level Admin Role,dc=red,dc=iplanet,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=red,dc=iplanet,dc=com)(nsroledn=cn=Organization Admin Role,o=DeveloperSample,dc=red,dc=iplanet,dc=com)(nsroledn=cn=Top-level Policy Admin Role,dc=red,dc=iplanet,dc=com)))")(targattrfilters="add=nsroledn:(nsroledn=cn=JDC,o=DeveloperSample,dc=red,dc=iplanet,dc=com),del=nsroledn:(nsroledn=cn=JDC,o=DeveloperSample,dc=red,dc=iplanet,dc=com)")(version 3.0; acl "Allow JDCAdmin1 Role to add/remove users to JDC Role"; allow (write)roledn="ldap:///cn=JDCAdmin1,o=DeveloperSample,dc=red,dc=iplanet,dc=com";)
-
# aci for JDCAdmin2 role
add: aci
aci: (target="ldap:///cn=SunPortalportal1DesktopService,dc=red,dc=iplanet,dc=com")(targetfilter=(cn=cn=JDC,o=DeveloperSample,dc=red,dc=iplanet,dc=com))(targetattr="*")(version 3.0; acl "Allow JDCAdmin2 to edit display profile of JDC Role"; allow (all) roledn="ldap:///cn=JDCAdmin2,o=DeveloperSample,dc=red,dc=iplanet,dc=com";)
-
add: aci
aci: (target="ldap:///dc=red,dc=iplanet,dc=com")(targetattr = "*") (version 3.0; acl "Allow JDCAdmin2 to read and search all"; allow (read,search) roledn = "ldap:///cn=JDCAdmin2,o=DeveloperSample,dc=red,dc=iplanet,dc=com";)
Log in to the Sun Java System Access Manager administration console as amAdmin and navigate to the DeveloperSample organization to do the following:
Log out of the Access Manager administration console and log in to the Portal Server management console to do the following:
a. Select Portals —> portal-ID —> Add DNs and search for roles with the filter JDC.
b. Select the JDC, JDCAdmin1, and JDCAdmin2 roles and click Add to add these roles to the location bar.
c. Select the JDCAdmin2 role from the location bar.
d. In the dp-orgadmin.xml file in the PortalServer-base/export/dp/admin directory, replace the tokens @SAMPLE_ORG@ and @DEFAULT_ORG@ with the roleDN for the JDC role (for example, cn=JDC,o=DeveloperSample,dc=sample,dc=siroe,dc=com). Then select the upload display profile link in the tasks section to upload the dp-orgadmin.xml file from the PortalServer-base/export/dp/admin directory.
e. Select Manage Channels and the Containers link.
f. Select the AdminTabPanelContainer in the tree and click Show/Hide Channels/containers in the tasks section in the right frame.
g. Remove the UserAdmin container from the available and selected lists and click Save.
This removes the user administration channels for the JDCAdmin2 role.
h. Click the Back button and select the JDCAdmin1 role from the location bar.
i. Repeat steps f and g, remove the channels and containers from the available and selected lists, and click Save.
This removes the content administration channels for the JDCAdmin1 role.
Log out of the Portal Server management console and log in as jdcuadmin and jdctadmin (in the Developer Sample desktop) to view the administration channels in the Admin tab for these users.
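A pre-load check for acis.ldif, as an added example that is not part of the original documentation: an ACI is evaluated only for the entry that holds it and that entry's subtree, so the script reports each ACI's role and rights and flags any target that falls outside the dn the file modifies (worth checking, since the sample's dn line and its targets use different suffixes). The function names and the dc=example,dc=com DNs are this example's own placeholders, and the regular expression covers only the target/acl/allow/roledn shape used in the listing above.

```python
import re

# Constructed sample in the shape of acis.ldif (shortened, placeholder DNs).
SAMPLE_LDIF = """\
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=people,o=DeveloperSample,dc=example,dc=com")(targetattr="*")(version 3.0; acl "Allow JDCAdmin1 Role to read and search users"; allow (read,search) roledn="ldap:///cn=JDCAdmin1,o=DeveloperSample,dc=example,dc=com";)
-
add: aci
aci: (target="ldap:///cn=SunPortalportal1DesktopService,dc=other,dc=org")(targetattr="*")(version 3.0; acl "Allow JDCAdmin2 to edit display profile of JDC Role"; allow (all) roledn="ldap:///cn=JDCAdmin2,o=DeveloperSample,dc=example,dc=com";)
"""

ACI_RE = re.compile(
    r'\(target\s*=\s*"ldap:///(?P<target>[^"]*)"\).*?'
    r'acl\s+"(?P<name>[^"]*)"\s*;\s*allow\s*\((?P<rights>[^)]*)\)\s*'
    r'roledn\s*=\s*"ldap:///(?P<role>[^"]*)"')

MODIFY_RIGHTS = {"all", "write", "add", "delete"}  # rights that change data

def norm(dn):
    """Lower-case a DN and drop spaces around commas and equals signs."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(ldif_text):
    """Return one finding per aci: line of a single-entry modify LDIF."""
    entry_dn, findings = "", []
    for line in re.sub(r"\n ", "", ldif_text).splitlines():  # unfold LDIF
        if line.lower().startswith("dn:"):
            entry_dn = norm(line[3:])
        elif line.lower().startswith("aci:"):
            m = ACI_RE.search(line)
            if m is None:  # shape not covered: report it, do not guess
                findings.append({"name": None, "unparsed": line[:60]})
                continue
            target = norm(m["target"])
            rights = [r.strip().lower() for r in m["rights"].split(",")]
            findings.append({
                "name": m["name"], "role": norm(m["role"]), "rights": rights,
                "in_scope": target == entry_dn or target.endswith("," + entry_dn),
                "can_modify": bool(MODIFY_RIGHTS & set(rights))})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF):
        print(finding)
```

Review any finding with in_scope false or can_modify true before running ldapmodify, and compare the role DNs against the roles you actually created.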