Security

The Security page in portal administration allows you to set security on the portal, such as access level, defining roles and permissions, and managing membership.

Changing the Access to a Portal

Access to a portal is defined when the portal is created. This access can be changed to make the portal more visible or less visible.

To change the access to a portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Access subtab and select how you want the portal to be exposed:
    • Public: Anyone can visit the portal, whether they are a registered WebCenter Portal user or not. When this setting is selected, the portal's Public-User role is automatically granted the View Pages and Content permission, which allows public users to view pages, lists, events, links, and notes. To allow public users to view documents, you must grant that access explicitly. Public users do not have edit, create, or manage permissions in the portal.

    • Private: To access the portal, membership is required (either through invitation or self-registration if enabled). The portal will be shown in the list of available portals in the portal browser and will appear in search results.

      Note:

      The Administrator role provides a user with administrative permissions in a private portal (such as managing membership), but does not allow access to a private portal’s page contents.
    • Hidden: To access the portal, membership is required (through invitation). The portal will not be shown in the list of available portals in the portal browser and will not appear in search results. Members can access the portal through direct URL.

      Note:

      Hidden portals can be viewed through WebCenter Portal administration on the All Portals page by users with the permission Portal Server-Manage Configuration or Portals-Manage Security and Configuration, such as a system administrator. While these users can manage the portal (change settings and membership), they cannot see the portal pages and content unless they are a portal member.
  2. Click Save.

Creating a Custom Role for a Portal

Before creating a new role, confirm that neither the Viewer role nor the Participant role meets your requirements.

See Creating Viewer and Participant Roles for a Portal for permissions associated with these two roles.

To create a new role for a portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Roles subtab.
  2. To define a new role for this portal, click the Create Role drop-down and select Custom Role to open the Create Role dialog.
  3. Click the Help icon in the Create Role dialog for assistance.
  4. To modify permissions for the role, click Edit Permissions, and then select or deselect each permission check box.

Creating a Delegated Manager Role for a Portal

Portal managers can assign the Delegated Manager role for the portal to another member. The Delegated Manager role is a seeded role, but is not created by default when the portal is created. The Portal Manager has to explicitly create the role for a portal, as described in this section.

Note:

The Delegated Manager role assumes all the permissions inherent in the Portal Manager role, with the following two exceptions:

  • The Delegated Manager role has only Manage Configuration permissions in portal administration (this means that even though the Delegated Manager role includes all of the portal administration permissions, this role cannot access portal security, including roles and members).

  • The Delegated Manager cannot delete the portal.

To create a Delegated Manager role:

  1. In the portal administration, click Security in the left navigation pane, then click the Roles subtab.
  2. Click the Create Role drop-down and select Delegated Manager.

    The Delegated Manager role is created and appears as a row in the table.

  3. To modify permissions for the role, select the row and click Edit Permissions, and then select or deselect each permission check box.

Creating Viewer and Participant Roles for a Portal

The Viewer and Participant roles, like the Delegated Manager role, are not created automatically when a portal is created, even though they are seeded roles. The Portal Manager has to create the roles of Viewer and Participant for a portal using the Create Role drop-down.

Assign the Viewer role to members who are primarily going to view content in a portal, and assign the Participant role to members who will be modifying content in a portal.

To create a Viewer or Participant role:

  1. In the portal administration, click Security in the left navigation pane, then click the Roles subtab.
  2. To create a Viewer or Participant role for this portal, click the Create Role drop-down and select either Viewer or Participant depending on the role you want to create.

    The role you select is created and appears as a row in the Roles table.

  3. To modify permissions for the role, select the appropriate row and click Edit Permissions, and then select or deselect each permission check box.

Using Advanced Permissions

Advanced permissions are detailed permissions that give you more flexibility over role assignments, but can become complex to manage and maintain. For example, you can set create, edit, view, and delete permissions for individual tools and assets, rather than setting the same permission for all tools or all asset types.

If advanced permissions are specified in a portal and the portal is used to create a custom template, the selected advanced permissions will be included in portals built from the custom template (provided Members Info or Roles Info is selected during template creation).

Note:

If you switch to using advanced permissions, you cannot revert to standard permissions.

To use advanced permissions:

  1. In the portal administration, click Security in the left navigation pane, then click the Roles subtab.
  2. Click Advanced Permissions.

    A warning message displays.

  3. Click OK to continue.
    Notice that the Advanced Permissions link is no longer available.
  4. Click Edit Permissions again, and in the Edit Permissions dialog, select or deselect the check boxes to enable or disable permissions for a role.

    Note:

    If you are working with a portal that was imported from a previous version of WebCenter Portal, you may see different permissions. Such permissions are only provided for migration purposes and do not apply to any new portals that you create with this release.

  5. Click Save.

Adding Registered Users and Groups to a Portal

As a portal manager, you can add any user currently registered with WebCenter Portal as a member of your portal. When the SOA server and WebCenter Portal workflows are configured, added users receive notification in their activity stream and through a mail message (if the SOA server is configured to send mail).

To add a member to your portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Members subtab.
  2. (Optional) On the Members page, click Options to edit the greeting messages sent to new members. Click Save to close the Membership Options dialog.
  3. Select one of:
    • Add People to add one or more individual users as members of the portal.

    • Add Groups to add multiple users belonging to a named user group in the identity store. Subsequent changes or updates to the group are automatically reflected in the portal.

  4. If you know the exact name of the person or group, enter the name in the input field, separating multiple names with a comma.
  5. Select one or more user names from the list.
  6. From the Select Role list, select a role for the selected members or groups.
  7. Click Add.

Inviting a Registered User to Join a Portal

As a portal manager, you can invite anyone who is currently registered with WebCenter Portal to become a member of your portal. Invited users receive notification through mail messages (if the SOA server is configured to send mail) and through their worklist (if the SOA server is configured to use Oracle BPM Worklist).

Tip:

Invite People is available when WebCenter Portal workflows are configured and a portal manager has selected Enable Invite Portals Users in the Membership Options dialog.

To invite someone to become a member of your portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Members subtab.
  2. (Optional) On the Members page, click Options to edit the greeting message sent to invited members, then click Save to close the Membership Options dialog.
  3. Click Invite People, then select Invite Registered Users to invite individual users to become a member of the portal.
  4. If you know the exact name of the user, enter the name in the box provided, separating multiple names with a comma.
  5. Select one or more user names from the list.
  6. Select a role for the invited members. If the role you want is not listed, create a role that meets your requirements.
  7. Click Invite.

Inviting a Non-Registered User to Join a Portal

If your system administrator has allowed non-registered people to self-register, portal managers can invite anyone with a valid mail address to join the portal. Prospective members receive an invitation by mail (if the SOA server is configured to send mail), inviting them to join the portal. Upon accepting the invitation, non-registered users are prompted to register with WebCenter Portal before gaining access to the portal.

Note:

Invite People is available when WebCenter Portal workflows are configured and the portal manager has selected Enable Invite Portals Users in the Membership Options dialog. Invite Non-Registered Users is available only when the system administrator has enabled Allow Self-Registration Through Invitations and Allow Public Users to Self-Register at the application level.

To invite someone outside the WebCenter Portal community to join your portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Members subtab.
  2. On the Members page, click Options to edit the greeting message that is sent to people who are not yet registered WebCenter Portal users, then click Save to close the Membership Options dialog.
  3. Click Invite People, then select Invite Non-Registered Users.
  4. Enter the Email Address(es) for one or more prospective members, separated by commas.
  5. Select a Role for the prospective members. If the role you want is not listed, create a role that meets your requirements.
  6. Click Invite.

Revoking Membership to a Portal

Portal managers can revoke user membership for a portal at any time.

To revoke membership:

  1. In the portal administration, click Security in the left navigation pane, then click the Members tab.
  2. On the Members page, select one or more users or groups (Ctrl+click to select multiple members), then click Remove.
  3. In the Remove Members dialog, click Remove to confirm.

Assigning or Changing Member Role Assignments in a Portal

A portal manager can change a member's role at any time, or assign more than one role to a member or group. Users are notified of membership changes through their BPM worklist (if the SOA server is configured to use Oracle BPM Worklist) or by email (if configured).

Note:

You can assign more than one role to a member or group. If you want a member or group to have the permissions inherent in two or more roles, you can assign the appropriate roles to the member. The ability to assign multiple roles to a member or group eliminates the need to create new roles in such instances.

To assign or change a member's current role in a portal:

  1. In the portal administration, click Security in the left navigation pane, then click the Members subtab.
  2. On the Members page, select one or more members (Ctrl+click to select multiple members), and then click Assign Roles.
    The Assign Roles dialog shows the current roles available in the portal.
  3. In the Assign Roles dialog, select one or more roles to assign, or deselect any currently assigned roles that you want to remove.
    • If you are not sure which roles to select, click the Roles tab to determine the range of actions that current roles allow.

    • If the existing roles do not meet your requirements, consider creating a new role.

  4. Click OK.

    The Roles column next to the member's name shows the roles to which the member is assigned.