Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1) E12405-10 |
This chapter describes how to manage users, roles, and permissions in WebCenter Spaces. It includes the following sections:
Audience
The content of this chapter is intended for WebCenter Spaces administrators (users granted the WebCenter Spaces Administrator role or a custom role that grants the Application-Manage permission).
Refer to Section 24.3, "Adding Users to the Embedded LDAP Identity Store" if you are a Fusion Middleware Administrator responsible for security-sensitive administrative duties that require configuration through Fusion Middleware Control or WLST.
Read this section to understand more about WebCenter users, application roles, and permissions granted to WebCenter users working in their personal space. It includes the following subsections:
Section 34.1.4, "Understanding Discussions Server Role and Permission Mapping"
Section 34.1.5, "Understanding Group Space Roles and Permissions"
When a WebCenter user becomes a member of a group space, a different set of roles and responsibilities apply. See "What You Should Know About Group Space Roles and Permissions" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
A WebCenter user is a member of WebCenter Spaces, provisioned directly from an existing identity store. See also Section 24.3, "Adding Users to the Embedded LDAP Identity Store."
All users in the identity store are assigned minimal WebCenter Spaces privileges through the Spaces-User role. The only exception is the Fusion Middleware Administrator (weblogic). Out-of-the-box, the Fusion Middleware Administrator is the only user assigned full administrative privileges through the Administrator role. For more information, read the next section, Section 34.1.2.1, "Default Application Roles".
It is the Fusion Middleware Administrator's job to assign each WebCenter user an appropriate application role. Alternatively, the Fusion Middleware Administrator may choose to assign the Administrator role to another user and delegate this responsibility.
Table 34-1 Default Administrator in WebCenter Spaces
User | Description |
---|---|
Fusion Middleware Administrator (weblogic) | Administrator for the entire application server, sometimes referred to as the super administrator. This user can manage any application on the server, including WebCenter Spaces. |
WebCenter Spaces supports self-registration. When new WebCenter users self-register, they create their own login and password and a new user account is created in the identity store. See also, Section 34.4, "Allowing Self-Registration".
Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
Application role assignment is the responsibility of the WebCenter Spaces administrator. Administrators can assign users a default application role or create additional, custom roles specific to their WebCenter Spaces application. For more detail, see:
Application roles only apply while a user is working within their personal space. Within a particular group space a different set of roles and permissions apply and it is the group space moderator's responsibility to determine suitable role assignments for each of its members. See also "Managing Group Space Roles and Permissions" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
Note: Application roles and permissions defined within WebCenter Spaces are stored in its policy store and, consequently, apply to this WebCenter Spaces application only. Enterprise roles are different; enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Spaces.
WebCenter Spaces provides several default application roles that cannot be deleted (Table 34-2).
Table 34-2 Default Application Roles for WebCenter Spaces
Application Role | Description | Modify? |
---|---|---|
Administrator | Users with the Administrators can also manage users and roles for WebCenter Spaces, delegate or revoke privileges to/from other users, manage group spaces and group space templates, and also import and export group space information. Out-of-the-box, the Fusion Middleware Administrator is the only user assigned full WebCenter Spaces administrative privileges through the | Yes* *Except for Application permissions which are read-only |
Spaces-User | Authenticated users of WebCenter Spaces are granted the This role inherits permissions from the In WebCenter Spaces, the | Yes |
Public-User | Anyone with access to WebCenter Spaces who is not logged in, is granted the In WebCenter Spaces, the | Yes |
Custom application roles (sometimes known as user-defined roles) are specific to your WebCenter Spaces application. When setting up WebCenter Spaces, it is the WebCenter Spaces administrator's job to identify which application roles are required, choose suitable role names, and define the responsibilities of each role.
For example, an education environment might require roles such as Teacher, Student, and Guest, while roles such as Finance, Sales, Human Resources, and Support would be more appropriate for a corporate environment.
To learn how to set up application roles for WebCenter users, see Section 34.3.2, "Defining Application Roles."
Every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal space. Permissions are categorized as follows and listed individually in the subsequent tables:
Application
Group Spaces
Group Space Templates
Pages
Discussions
Links
People Connections
Within a particular category, the Manage permission (such as Group Spaces-Manage) contains all other permissions (for example, Group Spaces-Configure and Group Spaces-View). No permission, except Manage, inherits privileges from other permissions.
Table 34-3 Application Permissions in WebCenter Spaces
Category | Application Permissions |
---|---|
Application | Manage - Enables access to all WebCenter Spaces Administration pages: General, Security, Personal Space, Group Spaces, and Services. Through these pages, users can manage application security (users/roles), set application-wide properties, create business role pages, manage everyone's personal pages, view group spaces accessible to them, as well as export/import group spaces and group space templates. Some administrative tasks are exclusive to the out-of-the-box Configure - Same as the View - Enables users to view the WebCenter Spaces application. |
Group Spaces | Manage - Enables access to the group space Settings page (General, Roles, Members, Pages, Services, Custom Attributes). Through these pages users can manage group space membership, assign permissions and roles, manage, delete, and export group spaces, set group space properties, and manage service availability. Configure - Same as the View - View group spaces. Create - Create group spaces. |
Group Space Templates | Manage - Enables users to manage and delete any group space template that is accessible to them. View - Enables users to view group space template information and create group spaces based on a template. Create - Users can create group space templates. |
Pages | Manage - Edit properties of a personal page, set personal page permissions, and all other page actions. Delete - Delete a personal page. Edit - Add or edit personal page content, rearrange content, and set page parameters and properties. Personalize - Personalize your view of a personal page by adding, editing, or removing content. View - View a personal page. Create - Create or design a new personal page. These permissions do not apply to group space pages. Group space page permissions are granted on a per-group-space basis by the group space moderator. |
Discussions | Manage - Manage categories, forums, and topics on the back-end discussions server. Set discussion forum properties for all group spaces. See also, Section 34.1.4, "Understanding Discussions Server Role and Permission Mapping". |
Links | Manage - Create and delete links between objects, and manage link permissions. Delete - Delete a link between two objects. Create - Create links between objects. |
People Connections | Manage - Manage application-wide settings for People Connection services. Edit - Edit content associated with People Connection services. Share - Share content associated with People Connection services with others. |
WebCenter Spaces uses application roles to manage user permissions in personal spaces and group space roles to manage user permissions within a group space. On the Oracle WebCenter Discussions server, a different set of roles and permissions apply.
Users who are working with discussions and announcements in WebCenter Spaces automatically map to the appropriate Oracle WebCenter Discussions server role; see Table 34-4 and Table 34-5.
Table 34-4 Discussions Server Roles and Permissions - Application
Discussion Server Role | Discussion Server Permissions | WebCenter Spaces Equivalent Application Permission |
---|---|---|
Administrator |
Category Admin |
Create, read, update and delete sub categories, forums and topics inside the category for which permissions are granted. |
Table 34-5 Discussions Server Roles and Permissions - For Group Spaces
Discussion Server Role | Discussion Server Permissions | WebCenter Spaces Equivalent Group Space Permissions |
---|---|---|
Moderator |
Category Admin Forum Admin |
|
Read Forum Create Thread Create Message Create Announcement |
|
|
Read Forum |
|
Any user assigned the Application-Discussions-Manage permission in WebCenter Spaces is automatically added to Oracle WebCenter Discussions and assigned the Administrator role with the Category Admin permission. Out-of-the-box, WebCenter Spaces assigns the Application-Discussions-Manage permission to the Administrator role only, as shown in Figure 34-1.
Similarly, in group spaces, any member assigned the Discussions-Manage, Discussions-Edit, or Discussion-View permission is granted the corresponding permissions on the Oracle WebCenter Discussions server. Out-of-the-box, discussion and announcement permissions for the default group space roles Moderator, Participant, and Viewer are as shown in Figure 34-2.
Application roles and permissions only apply when users are working in their personal space. Within a particular group space, a different set of roles and permissions apply and it is the group space moderator's responsibility to determine suitable role assignments for each of its members. For details, see "Managing Group Space Roles and Permissions" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
Administrators must ensure that all WebCenter users have appropriate permissions. To get permissions, users must be assigned to an appropriate application role.
This section tells you how to assign roles and contains the following subsections:
From the Users and Groups page (Figure 34-3), administrators can manage application roles for all the users who have access to WebCenter Spaces, that is, all users defined in the identity store. From here, you can change user role assignments, grant administrative privileges, and revoke user permissions.
Only users granted special (nondefault) application privileges appear in this table. Initially, all users in the WebCenter Spaces identity store are assigned minimal privileges through the Spaces-User role. Users with the default Spaces-User role are not listed here.
See also, Section 24.3, "Adding Users to the Embedded LDAP Identity Store."
Initially, all users in the WebCenter Spaces identity store are assigned minimal privileges through the Spaces-User role. You can assign individual users (or multiple users in the same enterprise group) to a different application role through WebCenter Spaces Administration.
Updates in your back-end identity store, such as new users or someone leaving an enterprise group, are automatically reflected in WebCenter Spaces. Initially, when you assign an enterprise group to a WebCenter Spaces role, everyone in the enterprise group is granted that role. If someone moves out of the group, the role is revoked. If someone joins the group, they are granted the role.
Note: For WebCenter Spaces to properly maintain enterprise group-to-role mappings, the back-end discussions server and content server must support enterprise groups. If either back-end server does not support enterprise groups, users belonging to enterprise groups are individually added to WebCenter Spaces roles and subsequent group updates in the identity store are not reflected in WebCenter Spaces. This can quickly become a maintenance issue, especially when enterprise groups contain a large number of users. Oracle WebCenter Discussion Server and Oracle Universal Content Management versions provided with Oracle WebCenter 11.1.1.2.0 support enterprise groups but previous versions may not.
To assign a user (or a group of users) to a different application role:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Users and Groups tab (Figure 34-3).
   This page lists WebCenter users to which additional roles are defined.
5. Choose User or Group from the drop down.
   Select User to grant permissions to one or more users defined in the identity store. Select Group to grant permissions to groups of users.
6. If you know the exact name of the user or group, enter the name in the box provided, separating multiple names with a comma.
   If you are not sure of the name you can search your identity store:
   a. Click the Find icon (Figure 34-4).
      The Find User (or Find Group) dialog box opens (Figure 34-5).
   b. Enter two or more characters that appear in the name you are looking for.
   c. Click the Search icon.
      Users (or groups) matching your search criteria display in the Select User dialog box. The search is case-sensitive.
   d. Select one or more names from the list.
      To assign roles to multiple users or groups, multi-select all the names required. Ctrl-Click rows to select multiple names.
      Note: Nested enterprise groups must be added explicitly. Groups that are nested within a group hierarchy do not automatically inherit the same permissions as the parent group.
   e. Click OK.
      The names that you select are displayed on the Users and Groups tab.
7. To assign a role, select a Role from the drop down (Figure 34-6).
   Select an appropriate role for the selected users (or groups). Only choose Administrator to assign full, administrative privileges for WebCenter Spaces.
   If the role you want is not listed, create a new role that meets your requirements (see Section 34.3.2, "Defining Application Roles").
   When no role is selected, the user assumes the Spaces-User role. See Section 34.1.2.1, "Default Application Roles".
8. Click Grant Access.
   User names and new role assignments display in the table.
From time to time, a user's role in WebCenter Spaces may change. For example, a user may move out of sales into the finance department and in this instance, the user's role assignment may change from Sales to Finance.
Note: You cannot modify your own role or the Fusion Middleware Administrator's role. See Section 34.1.2, "Understanding Application Roles".
To assign a user to a different role:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Users and Groups tab.
5. In the Manage Existing Grants table, scroll down to the user you want.
   Only users with nondefault role assignments are listed in the table. If the user you want is not listed, grant the role required as described in Section 34.2.2, "Assigning Users (and Groups) to Roles".
6. Click the Actions icon, then choose Change Role from the drop down list.
   The Change Role dialog box opens (Figure 34-7).
7. Select roles as follows:
   - Select Administrator to assign full, administrative privileges for WebCenter Spaces.
   - Select one or more roles from the list available.
   If the role you want is not listed, create a new role that meets your requirements (see Section 34.3.2, "Defining Application Roles").
   At least one role must be selected. To revoke all role assignments, reverting user permissions to the default Spaces-User role, see Section 34.2.5, "Revoking Application Roles".
8. Click OK.
   New role assignments display in the table.
It is easy to give a user full, administrative privileges for WebCenter Spaces through the Administrator role. Administrators have the highest privilege level and can view and modify anything in WebCenter Spaces, so take care when assigning the Administrator role.
Some administrative tasks are exclusive to the Administrator role and cannot be performed by granting the Application-Manage permission. These tasks include editing the login page, the self-registration page, and profile gallery pages.
To give a user administrative privileges:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Users and Groups tab.
   The Role column indicates which users already have full administrative privileges through the Administrator role.
5. In the Manage Existing Grants table, scroll down to the user you want.
   Only users with nondefault role assignments are listed in the table. If the user you want is not listed, follow steps in Section 34.2.2, "Assigning Users (and Groups) to Roles" to grant the Administrator role.
6. Click the Actions icon, then choose Change Role from the drop down list.
   The Change Role dialog box opens (Figure 34-7).
7. Select Administrator to assign full, administrative privileges for WebCenter Spaces.
8. Select OK.
   The new role assignment displays in the table.
It is easy to revoke application role assignments that no longer apply. You can revoke roles individually or revoke all application roles assigned to a particular user at once.
Revoking all of a user's application roles does not remove that user from the identity store and the user still has access to WebCenter Spaces through the default Spaces-User role.
Note: You cannot revoke your own role assignments or the Fusion Middleware Administrator's role. See Section 34.1.2, "Understanding Application Roles".
To revoke application roles:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Users and Groups tab.
5. In the Manage Existing Grants table, scroll down to the user you want.
6. Click the Actions icon:
   - Choose Change Role icon to revoke one or more specific application roles. See also Section 34.2.3, "Assigning a User to a Different Role".
   - Choose Delete Role Assignments to revoke all roles assigned to that user, and then click Delete when asked for confirmation.
     Access for that user is revoked immediately.
When you delete all the roles assigned to a particular user, the user is no longer listed on the Users page. The user remains in the identity store and still has access to WebCenter Spaces through the Spaces-User role. See Section 34.1.2.1, "Default Application Roles".
WebCenter Spaces administrators cannot add new user data directly to the WebCenter Spaces identity store or remove user credentials. Identity store management is the responsibility of the systems administrator and takes place through the WLS Administration Console or directly into embedded LDAP identity stores using LDAP commands. See also, Section 24.3, "Adding Users to the Embedded LDAP Identity Store."
WebCenter Spaces administrators can, however, enable self-registration for the application. Through self-registration, invited and uninvited users can create their own login and password for WebCenter Spaces. A user who self registers is immediately and automatically granted access to WebCenter Spaces and a new user account is created in the identity store. See also, Chapter 34, "Allowing Self-Registration".
WebCenter Spaces uses application roles to manage permissions for users working in their personal space. This section tells you how to manage application roles and their permissions from WebCenter Administration pages. It contains the following subsections:
From the Roles page (Figure 34-9), administrators can manage application roles and permissions. From here, you can edit the permissions assigned to an application role, create new application roles, or delete unused roles.
Application roles apply when a user is working within their personal space. A different set of roles and permissions apply when a user is working within a particular group space. It is the group space moderator's responsibility to determine suitable role assignments for each of its group space members. See also "Managing Group Space Roles and Permissions" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
WebCenter Spaces provides several default application roles. You cannot delete default application roles but you can modify the default permission assignments for each role. For more information, see Section 34.1, "Understanding Users, Roles, and Permissions".
Use roles to characterize groups of WebCenter users and determine what they can see and do in their personal spaces.
When defining application roles, use self-descriptive role names and try to keep the role policy as simple as possible. Choose as few roles as you can, while maintaining an effective policy.
Take care to assign appropriate access rights when assigning permissions for new roles. Do not allow users to perform more actions than are necessary for the role but at the same time, try not to inadvertently restrict them from activities they must perform. In some cases, users might fall into multiple roles.
To define a new application role:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Roles tab.
   Current application roles for WebCenter Spaces display as columns in the table.
5. Click Create Role to define a new role for WebCenter users.
6. Enter a suitable name for the role.
   Ensure that role names are self-descriptive. Make it as obvious as possible which users should belong to which roles. Role names cannot include special characters or whitespace.
7. (Optional) Choose a Template Role.
   The new role inherits permissions from the template role. You can modify these permissions in the next step.
   Choose Administrator to create a role that inherits full, administrative privileges. Conversely, choose Public-User to create a role that typically provides minimal privileges. Alternatively, choose a custom application role to be your template.
8. Click OK.
   The new role appears as a column in the table. The permissions list shows which actions users with this role can perform.
9. To modify user permissions for the role, select or clear each permission check box.
10. Click Apply to save any changes that you make to the role's permissions.
Administrators can modify the permissions associated with application roles at any time. Application permissions are described in Section 34.1.3, "Understanding Application Permissions".
Application role permissions allow individuals to perform specific actions in their personal space. Within a particular category, the Manage permission (such as Group Spaces-Manage) contains all other permissions (for example, Group Spaces-Configure and Group Spaces-View).
Note: Application permissions cannot be modified for the Administrator role. See also Section 34.1.2.1, "Default Application Roles".
To change the permissions assigned to a role:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Roles tab.
5. Select or clear Permissions check boxes to enable or disable permissions for a role.
6. Click Apply to save.
   The new permissions are effective immediately.
Anyone who is not logged in to WebCenter Spaces assumes the Public-User role. Out-of-the-box, the Public-User role is granted minimal privileges, that is, the Application-View permissions only.
Caution: Take care when granting permissions to the Public-User role. Avoid granting administrative permissions such as Application-Manage, Application-Configure, other Manage permissions, or any permission that might be considered unnecessary.
Granting the Application-View Permission
The Application-View permission allows unauthenticated users to see public WebCenter Spaces application pages, such as the welcome page, and also content that individual WebCenter users choose to make public.
When Application-View permissions are granted to the Public-User role:
Ensure that your WebCenter users understand that any personal page or personal content they choose to make public will become accessible to unauthenticated users outside of the WebCenter Spaces community, that is, anyone with Web access.
Consider customizing the default welcome page that displays to public users before they login. See Section 35.3.1, "Customizing the Public Welcome Page".
If you do not want unauthenticated users to see WebCenter Spaces content that is marked 'public', do not grant the Application-View permission to the Public-User role. When public access is disabled, public content cannot be seen by unauthenticated users. Also, the welcome page for WebCenter Spaces is not displayed; public users are directed straight to a login page. Administrators may customize the default login page, if required. See Section 35.3.2, "Customizing the Login Page".
Granting Other Permissions
Be careful when assigning permissions to the Public-User role. For security reasons, Oracle recommends that you limit what anonymous users can see and do in WebCenter Spaces.
Anyone who is logged in to WebCenter Spaces assumes the Spaces-User role. Out-of-the-box, the Spaces-User role is granted minimal privileges, that is, the Application-View, Group Space-Create, Group Space Templates-Create, Pages-Create, Profiles-Edit permissions only.
Note that the Spaces-User role always inherits permissions from the Public-User role.
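The inheritance rules above (Manage contains every other permission in its category, and Spaces-User inherits from Public-User) determine what a single Public-User grant really exposes. The following is an added example, not Oracle code and not an export format of WebCenter Spaces: the role matrix is constructed, the function names are hypothetical, and the model assumes every authenticated user holds Spaces-User in addition to any assigned role.

```python
"""Effective-permission audit over a constructed role matrix (added example)."""

# Categories and permissions as listed in Table 34-3. Profiles-Edit, which the
# chapter names as a default Spaces-User grant, is omitted because Table 34-3
# lists no Profiles category.
CATEGORY_ACTIONS = {
    "Application": {"Manage", "Configure", "View"},
    "Group Spaces": {"Manage", "Configure", "View", "Create"},
    "Group Space Templates": {"Manage", "View", "Create"},
    "Pages": {"Manage", "Delete", "Edit", "Personalize", "View", "Create"},
    "Discussions": {"Manage"},
    "Links": {"Manage", "Delete", "Create"},
    "People Connections": {"Manage", "Edit", "Share"},
}

PUBLIC, SPACES_USER = "Public-User", "Spaces-User"

# Constructed sample: Public-User carries one grant beyond Application-View.
# "Sales" is a custom role name borrowed from the chapter's corporate example.
SAMPLE_MATRIX = {
    "Public-User": [("Application", "View"), ("Links", "Manage")],
    "Spaces-User": [("Application", "View"), ("Group Spaces", "Create"),
                    ("Group Space Templates", "Create"), ("Pages", "Create")],
    "Sales": [("Pages", "Manage")],
}


def expand(grants):
    """Apply the rule that Manage contains all other permissions in its category."""
    out = set()
    for category, action in grants:
        if action not in CATEGORY_ACTIONS.get(category, ()):
            raise ValueError(f"unknown permission: {category}-{action}")
        out.add((category, action))
        if action == "Manage":
            out |= {(category, a) for a in CATEGORY_ACTIONS[category]}
    return out


def role_permissions(role, matrix):
    """Expanded grants of one role; Spaces-User also inherits Public-User."""
    perms = expand(matrix.get(role, ()))
    if role == SPACES_USER:
        perms |= expand(matrix.get(PUBLIC, ()))
    return perms


def user_permissions(assigned_roles, matrix):
    """Effective personal-space permissions of an authenticated user.

    Model assumption: the user always holds Spaces-User, plus any roles
    assigned on the Users and Groups tab.
    """
    perms = role_permissions(SPACES_USER, matrix)
    for role in assigned_roles:
        perms |= role_permissions(role, matrix)
    return perms


def audit_public_user(matrix):
    """Flag direct Public-User grants that the chapter's caution warns about."""
    findings = []
    for category, action in sorted(matrix.get(PUBLIC, ())):
        name = f"{category}-{action}"
        if action == "Manage" or (category, action) == ("Application", "Configure"):
            findings.append(("administrative", name))
        elif (category, action) != ("Application", "View"):
            findings.append(("beyond-default", name))
    return findings


if __name__ == "__main__":
    for severity, name in audit_public_user(SAMPLE_MATRIX):
        print(f"Public-User grant {name}: {severity}")
    anonymous = sorted(f"{c}-{a}" for c, a in role_permissions(PUBLIC, SAMPLE_MATRIX))
    print("Anonymous users effectively hold:", ", ".join(anonymous))
    print("Users with no assigned role hold",
          len(user_permissions([], SAMPLE_MATRIX)), "permissions")
```

In the sample, the single Links-Manage grant on Public-User gives anonymous visitors Links-Create and Links-Delete as well, and the same three permissions reach every authenticated user through Spaces-User.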
When an application role is no longer required you should remove it from WebCenter Spaces. This helps maintain a valid role list, and prevents inappropriate role assignment.
Application roles are deleted even when users are still assigned to them. As you cannot delete any default roles, WebCenter users will always have the Spaces-User role.
Note: Default roles cannot be deleted (Administrator, Spaces-User, Public-User). See Section 34.1.2.1, "Default Application Roles".
To delete an application role:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the Security tab.
4. Click the Roles tab.
5. Select the Delete Role icon next to the role you want to delete (Figure 34-11).
6. Click OK to confirm that you want to delete the role.
   The role is removed from the table. Any users assigned to this role only assume the default Spaces-User role and do not display on the Users tab.
Self-registration allows users to create their own login and password for WebCenter Spaces. A user who self registers is immediately and automatically granted access to WebCenter Spaces and a new user account is created in the application's identity store.
When anyone is allowed to self-register, that is any public user, a Register link or Register button displays below the WebCenter Spaces login form. To enable this feature, see Section 34.4.2, "Enabling Anyone to Self-Register".
Self-registration by invitation is allowed too. This feature allows group space moderators to send out membership invitations to people who are not currently registered with WebCenter Spaces but might be interested in their group space. Before accessing the group space, invitees must create an account with WebCenter Spaces and their account details are added to the application's identity store. When the group space moderator approves their subscription request they will gain access to the group space. See Section 34.4.1, "Enabling Self-Registration By Invitation-Only".
Note: If self-registration is not enabled in WebCenter Spaces, identity store management takes place through the WLS Administration Console (or directly into embedded LDAP identity stores using LDAP commands) and is the responsibility of your systems administrator. See also, Section 24.3, "Adding Users to the Embedded LDAP Identity Store."
A self-registration page is supplied out-of-the-box. Users with the Administrator role can add new components to the page and change the page layout if required. See Section 35.3.3, "Customizing the Self-Registration Page".
The self-registration page provided with WebCenter Spaces offers to send a "user name reminder email" to anyone who tries to register using an existing email address. This feature only works if public credentials are defined for the external application that is providing authentication for the Mail service. If users experience issues with this feature, ask your Fusion Middleware Administrator to check that the mail server connection and its associated external application connection are configured correctly and that public credentials are defined. See also, Section 15.3, "Registering Mail Servers".
Out-of-the-box, only existing WebCenter users are candidates for group space membership. While this might meet the needs of most WebCenter Spaces applications it is likely that some group spaces will want to recruit members outside of the WebCenter Spaces community.
The WebCenter Spaces administrator can extend group space membership to users outside of WebCenter Spaces by allowing them to self-register on an invitation-only basis. When this facility is enabled, group space moderators can invite anyone to join their group space by sending them a customizable invitation by mail. The invitation includes a secure, self-registration URL which the invited party clicks to accept group space membership.
New members recruited in this way must create an account with WebCenter Spaces before gaining access to the group space. Users who self-register by invitation are added to the identity store, and to the group space member list.
Note: Users who self-register by invitation will be assigned the default application role too, Spaces-User. Out-of-the-box, users with the Spaces-User role have access to their own personal space, pages that they create, and public pages. They are also allowed to view public group spaces, join any group space that allows self-subscription, and create group spaces of their own. When you enable self-registration, consider modifying Spaces-User permissions to suit your exact requirements. See also, Section 34.3.3, "Modifying Application Role Permissions".
To allow external users to join group spaces:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the General tab.
4. Select Allow Self-Registration Through Invitations (Figure 34-12).
   When you deselect this option, only existing WebCenter users are candidates for group space membership.
5. Click Apply.
Group space moderators may invite non-WebCenter users to become members of their group space. See "Inviting a Non-WebCenter Spaces User" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
When anyone is allowed to self-register, that is any public user, a Register link displays in the top right corner of the application or a Register button displays below the WebCenter Spaces login form (Figure 34-13).
New users must create an account before gaining access to the WebCenter Spaces application.
Users who self-register are added directly to the WebCenter Spaces identity store and assigned the Spaces-User application role. Out-of-the-box, users with the Spaces-User role have access to their own personal space, pages that they create, and public pages. They are also allowed to view public group spaces, join any group space that allows self-subscription, and create group spaces of their own. If you enable self-registration, consider modifying Spaces-User permissions to suit your exact requirements. See Section 34.3.3, "Modifying Application Role Permissions".
To allow anyone to self-register with WebCenter Spaces:
1. Log in to WebCenter Spaces with administrative privileges.
   See Section 32.1, "Logging into WebCenter Spaces as an Administrator".
2. Click the Administration link at the top of the application.
3. Click the General tab.
4. Select Allow Public Users to Self-Register (Figure 34-14).
   When you deselect this option, public users cannot self-register with WebCenter Spaces. You can still enable self-registration on an invitation-only basis if you want. See Section 34.4.1, "Enabling Self-Registration By Invitation-Only".
5. Click Apply.
See also, "Registering Yourself with WebCenter Spaces" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
For WebCenter Spaces to properly maintain enterprise group-to-role mappings, the back-end discussions server and content server must support enterprise groups. Oracle WebCenter Discussion Server and Oracle Universal Content Management versions provided with Oracle WebCenter 11.1.1.2.0 support enterprise groups but previous versions may not.
If a back-end server does not support enterprise groups, users belonging to enterprise groups are individually added to WebCenter Spaces roles and subsequent group updates in the identity store are not reflected in WebCenter Spaces. This can quickly become a maintenance issue, especially when enterprise groups contain a large number of users.
An error message displays if a new back-end server that does not support enterprise groups is enabled in WebCenter Spaces where enterprise group-to-role assignments exist. In this instance, delete all the enterprise group-to-role assignments and reassign roles to individual users instead.