This section describes how to configure users and groups on ActiveDirectory and Oracle Directory Server. (For information about Oracle ATG Web Commerce’s default users, groups, and privileges, see the Configuring Access Privileges section, earlier in this chapter.)

Configuring an ActiveDirectory Server

To configure users and groups on an Active Directory server, do the following:

  1. Select Start > Program Files > Active Directory Users and Computers.

  2. Select Action > New > Organizational Unit. Under the relevant domain, create an organizational unit called dynamo-users.

  3. From any location in the domain, select Action > New > Users and create the users listed in Creating Users, later in this chapter.

  4. In the dynamo-users organizational unit, select Action > New > Group and create the groups listed in Creating Groups, later in this chapter. Set the groups’ scope to Universal and the type to Distribution.

Configuring an Oracle Directory Server

To configure users and groups on an Oracle (formerly Sun ONE) Directory Server, do the following:

Creating Users

The set of user and group accounts that Oracle ATG Web Commerce creates during account initialization depends on the application modules included in your application. If you want your LDAP configuration to support Oracle ATG Web Commerce’s default set of users, create the following users:

User

Login name

Password

Module

Andy Administrator

admin

admin

DSS

Dana Designer

design

design

DSS

Donna Developer

developer

developer

DSS

Mary Manager

manager

manager

DSS

Mike Marketer

marketing

marketing

DSS

Mark Merchant

merchant

merchant

DCS

Creating Groups

Create the following groups for the Oracle ATG Web Commerce Adaptive Scenario Engine:

Group

Description

Members

everyone-group

All Users

admin
design
developer
manager
marketing

ATG Commerce:

merchant

administrators-group

System Administrators

admin

designers-group

Designers

design

developers-group

Developers

developer

managers-group

Managers

manager

marketing-group

Marketing People

marketing

server-restart-privilege

Server Restart

administrators-group
developers-group

server-shutdown-
privilege

Server Shutdown

administrators-group

support-cases-privilege

Tools: Submit a Support Request

administrators-group
designers-group
developers-group
managers-group

support-knowledge-base-privilege

Support: Knowledge Base

administrators-group
managers-group
developers-group
designers-group

components-module
privilege

Pages and Components: Components By Module

administrators-group
developers-group

components-path
privilege

Pages and Components: Components By Path

administrators-group
developers-group

pages-privilege

Pages and Components: Pages

administrators-group
designers-group

admin-users-
privilege

User Admin: Users

administrators-group
managers-group

admin-roles-
privilege

User Admin: Groups

administrators-group
managers-group

tools-pipeline-editor-privilege

Tools: Pipeline Editor

administrators-group
developers-group

tools-integrations-
privilege

Tools: Integrations

N/A

content-
repositories-user-group

Content Repositories User

administrators-group
marketing-group

targeting-profile-
groups-privilege

Targeting: Profile Groups

administrators-group
content-repositories-user-group
marketing-group

targeting-content-
groups-privilege

Targeting: Content Groups

administrators-group
content-repositories-user-group
marketing-group

targeting-targeted-
content-privilege

Targeting: Content Targeters

administrators-group
content-repositories-user-group
marketing-group

targeting-preview-
privilege

Targeting: Preview

administrators-group
content-repositories-user-group
marketing-group

scenarios-privilege

Scenarios: Scenarios

administrators-group
marketing-group

scenarios-
templates-privilege

Scenarios: Scenario Templates

administrators-group
marketing-group

people-organization admin-privilege

Repository: Organizations

administrators-group
marketing-group

people-roleadmin-privilege

Repository: Roles

administrators-group
marketing-group

people-profiles-privilege

Repository: Profile Repository

administrators-group
marketing-group

people-profiles-indiv-privilege

Repository: Profile Repository

administrators-group
marketing-group

If you are running Oracle ATG Web Commerce Content Administration, create these additional static groups:

Group

Description

Members

publishing-workflow-privilege

Publishing: Workflow

administrators-group

publishing-repository-privilege

Publishing: Epublishing Repository

administrators-group

If you are running ATG Commerce, create this additional static group:

Group

Description

Members

commerce-repositories-user-group

Commerce Repositories User

admin
merchant

Configuring Dynamically Generated Privileges

Any ATG Control Center privileges that are associated with a repository are generated dynamically by Oracle ATG Web Commerce as needed. If there are any ATG Control Center features with undefined privileges, you might see the following error message when your application starts up:

Allowing access for unknown privilege privilege_name

For example:

Allowing access for unknown privilege commerce-customproductcatalog-privilege

If you see an unknown privilege error message, create the privilege in your LDAP repository, then add it as a member of the appropriate group, as follows:

Type of Privilege

Member of Group

commerce

commerce-repositories-user-group

repository

content-repositories-user-group

If you want to automatically deny access to ATG Control Center features with undefined privileges (and disable unknown privilege error messages), set /atg/devtools/DevSecurityDomain.allowUnknownPrivileges to false.


Copyright © 1997, 2012 Oracle and/or its affiliates. All rights reserved. Legal Notices