This section describes how to configure users and groups on Active Directory and Oracle Directory Server. (For information about the Oracle Commerce Platform’s default users, groups, and privileges, see the Configuring Access Privileges section, earlier in this chapter.)
Configuring an Active Directory Server
To configure users and groups on an Active Directory server, do the following:
1. Select Start > Program Files > Active Directory Users and Computers.
2. Select Action > New > Organizational Unit. Under the relevant domain, create an organizational unit called dynamo-users.
3. From any location in the domain, select Action > New > Users and create the users listed in Creating Users, later in this chapter.
4. In the dynamo-users organizational unit, select Action > New > Group and create the groups listed in Creating Groups, later in this chapter. Set the groups’ scope to Universal and the type to Distribution.
Configuring an Oracle Directory Server
To configure users and groups on an Oracle (formerly Sun ONE) Directory Server, do the following:
1. Start the Directory Server Console.
2. In the navigation tree in the left pane, select the Directory Server that you want to use; for example, "Directory Server" (server_name).
3. In the panel on the right side, click Open.
4. Click the Directory tab and locate the organization folder you wish to use (such as yourcompany.com).
5. Click the plus sign (+) next to the organization folder to expand the view.
6. To create an Organizational Unit, select Object > New > Organization Unit. Name the new unit dynamo-users.
7. Select Object > New > User and create the users listed in Creating Users, later in this chapter.
8. In the right pane, select dynamo-users.
9. Select Object > New > Group and create the static groups listed in Creating Groups, later in this chapter.
10. (Optional) If you have other existing users that you want to add to a group, add them to one of the groups you created in Step 9.
Creating Users
The set of user and group accounts that the Oracle Commerce Platform creates during account initialization depends on the application modules included in your application. If you want your LDAP configuration to support the Oracle Commerce Platform’s default set of users, create the following users:
User | Login Name | Password | Module |
---|---|---|---|
Andy Administrator | admin | admin | |
Dana Designer | design | design | |
Donna Developer | developer | developer | |
Mary Manager | manager | manager | |
Mike Marketer | marketing | marketing | |
Mark Merchant | merchant | merchant | |
Creating Groups
Create the following groups for the Oracle Commerce Platform:
Group | Description | Members |
---|---|---|
everyone-group | All Users | admin Core Commerce: |
administrators-group | System Administrators | admin |
designers-group | Designers | design |
developers-group | Developers | developer |
managers-group | Managers | manager |
marketing-group | Marketing People | marketing |
server-restart-privilege | Server Restart | administrators-group |
server-shutdown- | Server Shutdown | administrators-group |
support-cases-privilege | Tools: Submit a Support Request | administrators-group |
support-knowledge-base-privilege | Support: Knowledge Base | administrators-group |
components-module | Pages and Components: Components By Module | administrators-group |
components-path | Pages and Components: Components By Path | administrators-group |
pages-privilege | Pages and Components: Pages | administrators-group |
admin-users- | User Admin: Users | administrators-group |
admin-roles- | User Admin: Groups | administrators-group |
tools-pipeline-editor-privilege | Tools: Pipeline Editor | administrators-group |
tools-integrations- | Tools: Integrations | N/A |
content- | Content Repositories User | administrators-group |
targeting-profile- | Targeting: Profile Groups | administrators-group |
targeting-content- | Targeting: Content Groups | administrators-group |
targeting-targeted- | Targeting: Content Targeters | administrators-group |
targeting-preview- | Targeting: Preview | administrators-group |
scenarios-privilege | Scenarios: Scenarios | administrators-group |
scenarios- | Scenarios: Scenario Templates | administrators-group |
people-organization admin-privilege | Repository: Organizations | administrators-group |
people-roleadmin-privilege | Repository: Roles | administrators-group |
people-profiles-privilege | Repository: Profile Repository | administrators-group |
people-profiles-indiv-privilege | Repository: Profile Repository | administrators-group |
If you are running ATG Content Administration, create these additional static groups:
Group | Description | Members |
---|---|---|
publishing-workflow-privilege | Publishing: Workflow | administrators-group |
publishing-repository-privilege | Publishing: Epublishing Repository | administrators-group |
If you are running Core Commerce, create this additional static group:
Group | Description | Members |
---|---|---|
commerce-repositories-user-group | Commerce Repositories User | admin |
Configuring Dynamically Generated Privileges
Any ATG Control Center privileges that are associated with a repository are generated dynamically by the Oracle Commerce Platform as needed. If there are any ATG Control Center features with undefined privileges, you might see the following error message when your application starts up:
Allowing access for unknown privilege privilege_name
For example:
Allowing access for unknown privilege commerce-customproductcatalog-privilege
If you see an unknown privilege error message, create the privilege in your LDAP repository, then add it as a member of the appropriate group, as follows:
Type of Privilege | Member of Group |
---|---|
commerce | commerce-repositories-user-group |
repository | content-repositories-user-group |
If you want to automatically deny access to ATG Control Center features with undefined privileges (and disable unknown privilege error messages), set /atg/devtools/DevSecurityDomain.allowUnknownPrivileges to false.
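Before setting allowUnknownPrivileges to false, it helps to list every privilege the server is still allowing by default and the group each one must join. The following is an added example, not Oracle's code: the log-line prefix, the sample lines, the name example-repository-privilege, and the rule that a "commerce-" prefix marks a commerce privilege (everything else being treated as a repository privilege) are assumptions.

```python
import re

# Message text as shown on this page; any prefix on the log line is ignored.
UNKNOWN_PRIV = re.compile(r"Allowing access for unknown privilege\s+(\S+)")

# Group each privilege type must be made a member of (from the table above).
GROUP_FOR_TYPE = {
    "commerce": "commerce-repositories-user-group",
    "repository": "content-repositories-user-group",
}


def privilege_type(name):
    # Assumption: names starting with "commerce-" are commerce privileges,
    # as in the page's example; anything else is a repository privilege.
    return "commerce" if name.startswith("commerce-") else "repository"


def missing_privileges(log_lines):
    """Map each undefined privilege (first-seen order) to the group it should join."""
    found = {}
    for line in log_lines:
        match = UNKNOWN_PRIV.search(line)
        if match:
            name = match.group(1).rstrip(".,;")
            found.setdefault(name, GROUP_FOR_TYPE[privilege_type(name)])
    return found


def safe_to_deny_unknown(log_lines):
    """True when no privilege is still being allowed by default."""
    return not missing_privileges(log_lines)


# Constructed sample startup log; timestamps and levels are illustrative only.
SAMPLE_LOG = """\
2024-01-01 10:00:01 INFO Nucleus starting
2024-01-01 10:00:05 WARN Allowing access for unknown privilege commerce-customproductcatalog-privilege
2024-01-01 10:00:06 WARN Allowing access for unknown privilege example-repository-privilege
2024-01-01 10:00:09 WARN Allowing access for unknown privilege commerce-customproductcatalog-privilege
"""

if __name__ == "__main__":
    for priv, group in missing_privileges(SAMPLE_LOG.splitlines()).items():
        print(f"create {priv} in LDAP and add it to {group}")
```

An empty result over a full startup log means every ATG Control Center privilege in use is defined in LDAP, so denying unknown privileges will not lock out a feature that was only reachable through the default allow.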