17.11 Granting Privileges on Portal Templates

When you grant privileges on a Portal Template for pages, you are controlling access to the pages that are based on the template, rather than on the template itself. When you grant privileges on a Portal Template for items, you are controlling access to the template, its tabs, and its items—depending on the level of security applied.

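This section discusses how to grant access privileges on Portal Templates for pages and Portal Templates for items. It also lists and describes the privileges that provide some level of template management access. It includes the following subsections:

  • Section 17.11.1, "Granting Access to Portal Templates for Pages"

  • Section 17.11.2, "Granting Access to Portal Templates for Items"

  • Section 17.11.3, "Template-Related Privileges"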

To define template access privileges, you must have the global privilege Manage on the object type All Page Groups or the page group privilege Manage Templates or higher on the page group.

17.11.1 Granting Access to Portal Templates for Pages

Granting access on a Portal Template for pages means setting security controls that affect all pages that are based on the template. For Portal Templates for pages, the Access tab enables you to control access to the pages that are based on this template, but not on the template itself.

You can grant access only on Portal Templates and not on HTML Templates.

Note:

To grant access privileges on a template, you must have at least the page group privilege Manage Templates on the page group that owns the template.

To make a Portal Template available for use in a page group, the option Make available for use in this page group must be selected on the Main tab of template properties.

To grant access privileges on a Portal Template for pages:

  1. Log in to Oracle Portal.

  2. Click the Build tab to bring it forward.

  3. From the Page Groups portlet Work In drop-down list, select the page group that owns the template on which to grant access privileges.

    In default installations of Oracle Portal, the Page Groups portlet is located on the Build tab of the Portal Builder page.

  4. Under Portal Templates in the Layout & Appearance section, click the Portal Template on which to grant access.

    This opens the template in Edit mode.

  5. Click the Access link in the toolbar at the top of the template.

  6. Select Enable Pages to Have Different Access to enable users with sufficient privileges to choose different access control settings when they create or edit pages that are based on the template.

    Clear this check box to prevent users from choosing different access control settings when they create or edit pages that are based on this template. Such pages will always use the template access control settings.

  7. Select Display Page to Public Users to enable all users to view pages that are based on this template—even users who are not logged on.

    Clear this check box to limit the display of pages that are based on this template to users who have explicitly been granted access.

    Any rendered page with this option enabled becomes a crawlable data source for Oracle Ultra Search. This means if the page that is based on this template uses the template's access settings, and this option is enabled on the template, the page is available for a crawl initiated through Oracle Ultra Search. See also, "Registering Oracle Portal as a Content Source," in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

  8. Select Enable Item Level Security to enable item creators to specify access control settings for individual items on pages that are based on this template.

    • If you select this check box, item creators can choose to inherit access control from the template or specify access control for individual items.

    • If you do not select this check box, all the items on the template inherit access control from the template.

  9. Under the Grant Access section, define access settings for individual users and groups:

    1. In the Grantee field, select a user or group.

      Browse for user or group names by clicking the Browser Users or Browser Groups icons.

      Note:

      Oracle Portal uses the Oracle Internet Directory for identity management. The Oracle Internet Directory serves as the repository for users and groups. In the Oracle Internet Directory, groups are uniquely identified by their distinguished name (DN). Each group has a unique DN, though many groups can share a common name, in the same way that two people can share a common name, yet have completely different lineage (such as John Smith and John Doe). When working within the portal, groups created from within that portal are displayed simply with their common names. However, when the portal references a group from some other location in the Oracle Internet Directory—such as a group from some other portal associated with the same Identity Management Infrastructure—the DN of the group is displayed to distinguish it from the portal's locally defined groups.

    2. In the next (access privilege) field, select the level of privilege to grant to the user or group selected in the Grantee field.

      For an explanation of the listed privileges, see Appendix B, "Page Group Object Privileges".

    3. Click the Add button.

      Once you grant a privilege, a Change Access section displays. Use this section to revise or revoke privileges.

  10. If you are changing template access, once you have redefined access privileges click the Clear Cache link in the Cache Invalidation section.

  11. Click the Finish button.

    The template displays in Edit mode.

Oracle Portal provides options for overriding template style and access settings. These are useful for allowing privileged users to select a style or set access rules other than those used by the template for a page that is based on the template.

To use this option for styles, select Enable Pages To Use Different Style on the Style tab of template properties. To use this option for access settings, select Enable Pages to Have Different Access on the Access tab of template properties. This option is available for Portal Templates for pages, but not for Portal Templates for items.
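The interaction between Enable Pages to Have Different Access and Display Page to Public Users can be modelled for an access review. The following is an added example, not Oracle Portal code: the classes, field names, and inventory are hypothetical and constructed, and it assumes the template and page settings have already been collected by hand or by export.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Access:
    public: bool                      # "Display Page to Public Users"

@dataclass
class Template:
    name: str
    access: Access
    pages_may_differ: bool            # "Enable Pages to Have Different Access"

@dataclass
class Page:
    name: str
    template: Template
    own_access: Optional[Access] = None   # page-level settings, if any were saved

def effective_access(page):
    """Return (settings, source) that govern a page based on a template."""
    t = page.template
    if t.pages_may_differ and page.own_access is not None:
        return page.own_access, "page"
    return t.access, "template"       # box cleared: template settings always apply

def audit(pages):
    """List (page, finding) pairs an access review should look at."""
    findings = []
    for p in pages:
        acc, source = effective_access(p)
        if p.own_access is not None and source == "template":
            findings.append((p.name, "page-level settings ignored; template settings apply"))
        if acc.public:
            findings.append((p.name, f"public via {source} settings: viewable without login, crawlable by Oracle Ultra Search"))
    return findings

# Constructed inventory (hypothetical names).
NEWS = Template("news_tmpl", Access(public=True), pages_may_differ=False)
HR = Template("hr_tmpl", Access(public=False), pages_may_differ=True)
SAMPLE_PAGES = [
    Page("press", NEWS),
    Page("news-draft", NEWS, own_access=Access(public=False)),
    Page("hr-benefits", HR, own_access=Access(public=True)),
    Page("hr-payroll", HR),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PAGES):
        print(f"{name}: {finding}")
```

The "news-draft" case is the one to watch: a page that looks restricted at page level is still public because its template does not allow pages to differ.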

17.11.2 Granting Access to Portal Templates for Items

Granting access to a Portal Template for items means setting security controls on the template itself. Portal Templates for items are rendered dynamically when a link to an item that uses the template is clicked, so any access controls you set on the template apply to every rendered version of the template.

To view a page that is dynamically assembled using a Portal Template for items, one of the following conditions must be met:

  • The template must be public.

  • The user must have at least the View privilege on the template.

  • The user must have the page group privilege Manage Templates on the page group that owns the template.

To grant access privileges on a Portal Template for items:

  1. Log in to Oracle Portal.

  2. Click the Build tab to bring it forward.

  3. From the Page Groups portlet Work In drop-down list, select the page group that owns the template on which to grant access privileges.

    In default installations of Oracle Portal, the Page Groups portlet is located on the Build tab of the Portal Builder page.

  4. Under Portal Templates in the Layout & Appearance section, click the Portal Template for items on which to grant access.

    This opens the template in Edit mode.

  5. Click the Access link in the toolbar at the top of the template.

  6. Select Display Page to Public Users to enable all users to view this template—even users who are not logged on.

    When this option is selected, users can see all template content, provided the content is not further restricted by access rules on template tabs or items. When tabs or items have their own access rules, users will need specific privileges on the template tabs or items.

    Clear this check box to limit the display of this template to users who have explicitly been granted access.

  7. Select Enable Item Level Security to enable item creators to specify access control settings for individual items on the template:

    • If you select this check box, item creators can choose to inherit access control from the template or specify access control for individual items.

    • If you do not select this check box, all the items on the template inherit access control from the template.

  8. Under the Grant Access section, define access settings for individual users and groups:

    1. In the Grantee field, select a user or group.

      Browse for user or group names by clicking the Browser Users or Browser Groups icons.

      Note:

      Oracle Portal uses the Oracle Internet Directory for identity management. The Oracle Internet Directory serves as the repository for users and groups. In the Oracle Internet Directory, groups are uniquely identified by their distinguished name (DN). Each group has a unique DN, though many groups can share a common name, in the same way that two people can share a common name, yet have completely different lineage (such as John Smith and John Doe). When working within the portal, groups created from within that portal are displayed simply with their common names. However, when the portal references a group from some other location in the Oracle Internet Directory—such as a group from some other portal associated with the same Identity Management Infrastructure—the DN of the group is displayed to distinguish it from the portal's locally defined groups.

    2. In the next (access privilege) field, select the level of privilege to grant to the user or group selected in the Grantee field.

      For an explanation of the listed privileges, see Appendix B, "Page Group Object Privileges".

    3. Click the Add button.

      Once you grant a privilege, a Change Access section displays. Use this section to revise or revoke privileges.

  9. If you are changing template access, once you have redefined access privileges click the Clear Cache link in the Cache Invalidation section.

  10. Click the Finish button.

    The template displays in Edit mode.

For information about setting access privileges on tabs, see Section 17.6, "Securing Tabs". For information about setting access privileges on items, see Section 17.9, "Securing Items".

17.11.3 Template-Related Privileges

You can grant privileges related to templates at the global level, the page group level, and the page level. Such privileges apply to both Portal Templates and HTML templates. This section lists and describes these privileges.

Note:

For information about granting privileges at the global level, see Section 17.3, "Granting Global Privileges". For information about granting privileges at the page group level, see Section 17.4, "Securing Page Groups".

For more information about templates, see Chapter 12, "Providing a Standard Look and Feel".

Table 17-4 lists and describes the types of privileges that provide access to templates.

Table 17-4 Privileges Relating to Templates

| Privilege | Description |
| --- | --- |
| The global privilege Manage All on the object type All Page Groups | Perform any task on any page group. This privilege supersedes any other privilege in the other page group global privileges. For example, this also allows managing of any page. This user is the manager for all page groups, and by extension, the manager of all templates. |
| The global privilege Manage Templates on the object type All Page Groups | Create, edit, and delete any Portal Template or HTML template in any page group. Grant access to any template. |
| The global privilege Manage Classifications on the object type All Page Groups | Create, edit, and delete any category, perspective, custom attribute, custom page type, or custom item type in any page group. |
| The global privilege Manage on the object type All Pages | Create, edit, personalize, or delete any page in any page group. Grant access to any page in any page group. This privilege includes the ability to apply templates to all pages. |
| The global privilege Create on the object type All Pages | Create sub-pages in any page group. Users and groups with this privilege can also edit and delete the sub-pages they create. To use this privilege to create sub-pages, a user must have the page privilege Manage on the parent page under which sub-pages are created. This privilege includes the ability to apply templates to pages the user creates. |
| The page group privilege Manage All | A user with this privilege can perform any task within the page group. The Manage All privilege includes all other page group privileges: Manage Classifications, Manage Templates, Manage Styles, and View. A user with this privilege is called the page group administrator. |
| The page group privilege Manage Classifications | A user with this privilege can create, edit, and delete any category, perspective, attribute, custom item type, and custom page type in the page group. |
| The page group privilege Manage Templates | A user with this privilege can create, edit, and delete any template in the page group. A user with this privilege must also have the page group privilege View to view pages in this page group. A user with this privilege can delete a tab on a template only if other users have not placed their own content on it on pages that are based on the template or if the user also has content management privileges on the pages that are based on the template. |
| The page privilege Manage | This privilege enables users to apply a template to the page(s) they manage. This privilege carries with it many other capabilities. For more information, see Appendix B, "Page Group Object Privileges". |