29 Managing Members and Assigning Roles in a Portal
Permissions:
To perform the tasks in this chapter, you need the Portal Manager role or a custom role that includes the portal-level Manage Membership permission. Users with this permission can manage portal members and their role assignments.
About Portal Membership
Member participation is central to any portal. It is the portal manager's responsibility to manage membership and determine member participation through the permissions assigned to the various roles defined for the portal. Members can be added to a portal in several ways:
- If a portal is discoverable (see Making a Portal Known (Discoverable)), it can be made known to anyone logged in to WebCenter Portal through searches and the Portals page. Users can join or request membership, depending on the self-service settings established by the portal manager (see Managing Self-Service Membership for a Portal).
- If a portal is made public (see Granting Public Access to a Portal), it is available to anyone with access to WebCenter Portal, provided the Public-User role is granted appropriate permissions (see Viewing and Editing Permissions of a Portal Role).
- Portal managers can add or invite individual members or groups at the time a portal is created, or later (see Adding Members to a Portal).
Setting Up Membership Options for a Portal
Portal managers determine the membership policy for their portal, choosing between an "invitation only" membership policy, allowing users to join themselves by subscribing to (and unsubscribing from) the portal, adding new members directly, or using any combination of these membership options.
Enabling self-service does not necessarily mean that users automatically gain access to a portal. Portal managers can still control who joins (or leaves) the portal through an approval process.
Default membership permissions are derived from the template used to create the portal. Portal managers can change these settings at any time.
Managing Self-Service Membership for a Portal
As a portal manager, you can limit access to a portal by invitation only, or allow users to join themselves, without an invitation, through self-service.
Additionally, you may allow users to join a portal or change their portal membership without approval, or require approval for certain roles. When membership requests require approval, new members do not automatically gain access when they subscribe to a portal. Instead, the portal manager receives a subscription notification to accept or reject.
To manage self-service for a portal:
- In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab.
  Tip:
  You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.
- Click Options to open the Membership Options dialog.
- Under Invite Options, select Enable Invite Portals Users to allow portal managers (or members with Manage Membership permission) to invite other WebCenter Portal users to join the portal. Deselect this option to disallow invitations to join the portal.
  Tip:
  The Enable Invite Portals Users check box displays only when WebCenter Portal workflows are configured. See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.
- Under Membership Self-Service:
  - To prevent non-members from joining the portal through self-service or requesting changes to their current membership, select Do Not Allow Self-Service Membership or Self-Service Membership Change.
  - To allow non-members to join a portal and members to request changes to their current membership, select Allow Self-Service Membership or Self-Service Membership Change (All Roles Available).
    Note:
    If you select this option, make sure that the portal is discoverable so that other people can see the portal on their Portals page and through searches.
    When you select this option:
    - Any WebCenter Portal user can join the portal. See Joining a Portal in Using Portals in Oracle WebCenter Portal.
    - After joining the portal, members can change their roles in the portal, or cancel their membership. See Changing Your Role in a Portal and Cancelling Your Portal Membership in Using Portals in Oracle WebCenter Portal.
    To require portal manager approval before a request is granted, select Portal Manager Approval Required.
    Tip:
    The Portal Manager Approval Required check box displays only when WebCenter Portal workflows are configured. See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.
  - To specify which roles users see on Request Membership and Change Membership pages, select Allow Self-Service Membership or Self-Service Membership Change (Selected Roles Available) to display a table showing all the roles available.
    Figure 29-3 Choosing Roles Available on Self-Service Membership
    - Select Enable to offer the role on the Request Membership and Change Membership pages. Deselect Enable to hide a role.
    - Select Approval Required to specify that portal manager approval is required before the request is granted. The request is sent to the portal manager's worklist (if a SOA connection to Oracle BPM Worklist is configured) to approve or reject. If the portal has multiple managers, all managers receive the request; only one manager is required to process the request. Deselect Approval Required to allow the change without the portal manager's approval.
      Tip:
      The Approval Required check box displays only when WebCenter Portal workflows are configured. See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.
- Click Save.
Managing Self-Service Membership Removal from a Portal
If portal manager approval is required to unsubscribe from a portal, a request to unsubscribe is sent to the portal manager's worklist (if a SOA connection to Oracle BPM Worklist is configured) when a member leaves, which the portal manager can choose to either accept or reject.
To configure approval options for cancelling portal membership:
Composing Messages to New Members
When you add or invite someone to your portal, they receive a message through the Mail service (if configured) and through their worklist (if the SOA connection to Oracle BPM Worklist is configured). Before you start recruiting new members, take some time to compose suitable greetings and messages for the following scenarios:
- Adding an existing user as a member of your portal.
- Inviting an existing user to join your portal.
- Inviting someone to register with WebCenter Portal and join your portal.
To compose messages sent out to new members:
- In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab.
  Tip:
  You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.
- Click Options to open the Membership Options dialog.
  Figure 29-6 Portal Administration: Members Page
- Under Membership Notification Messages, enter messages in the appropriate sections:
  - Add Member Message - Enter a short message to include in membership notifications. Use the message text to welcome new members and introduce your portal.
  - Invite Member Message - Enter a short message to include in membership invitations to users who are registered with WebCenter Portal. Use the message text to describe the portal and how it might be of use to them. Membership invitations display in a user's worklist (if the SOA server is configured to use Oracle BPM Worklist) and the invitation includes an Accept button that the invited party must click to accept the membership invitation. If the SOA server is configured to send worklist notifications by mail, invited users receive the notification in both their Oracle BPM Worklist and mail.
    Tip:
    This section displays only when WebCenter Portal workflows and SOA server are configured. Refer your system administrator to Troubleshooting WebCenter Portal Workflows in Administering Oracle WebCenter Portal.
  - Invite Non-Registered Users Message - Enter a short message to include in membership invitations to people who are not registered WebCenter Portal users. Use the message text to describe the portal and how it might be of use to them. Membership invitations are sent by mail using the Mail service. The invitation includes a secure URL that the invited party must click to accept the membership invitation. Unregistered users will then be prompted to register with WebCenter Portal before gaining access to your portal.
- Click Save.
Adding Members to a Portal
This section describes various ways that a portal manager can enlist members for your portal:
Searching for a User or Group in the Identity Store
For any task that requires searching for a user or group, use the information in this section to construct your search string. For example, the following tasks require you to specify a user or group name:
- Setting Personal Page Security in Using Portals in Oracle WebCenter Portal
- Composing and Sending Mail Messages in Using Portals in Oracle WebCenter Portal
The search mechanism used by WebCenter Portal to locate users and groups in the identity store follows specific rules. Keep the following tips in mind when you construct your search string:
- The search operates on First Name, Last Name, Mail Address, User ID, and Common Name. For example, in Oracle Internet Directory (OID), the search operates on givenname, sn, mail, uid, and cn. For information about mapping user attributes to their corresponding names in different LDAP directory servers, see Mapping User Attributes to LDAP Directories in Securing Applications with Oracle Platform Security Services.
- Specify a wildcard (*) character anywhere in the search string to substitute for preceding or following characters.
- The search is not case-sensitive.
- Leave the search term blank to list all users (or groups) in the identity store.
- To search for a First Name, Last Name, Mail Address, User ID, or Common Name, specify one search term, specifying at minimum the first letter in any of these values.
- To search for First Name or Last Name, specify two search terms separated by a space to search in First Name and Last Name, respectively. Specify at minimum the first letter in each value.
- To search for a First Name or Last Name, either of which has multiple names, specify multiple search terms separated by spaces. The multiple names are treated as a single field, including the space character. The first search term specifies the search on the First Name field and the last search term specifies the search on the Last Name field. The intervening search terms are ignored. Specify at minimum the first letter of each value.
For example, the following entry in the identity store defines a WebCenter Portal user:
- First Name (givenname)=James Robert
- Last Name (sn)=van Order
- Mail Address (mail)=jim.van.order@example.com
- User ID (uid)=jimbo
- Common Name (cn)=Jim
Table 29-1 lists search terms that will show this user in the search results. For search terms that will not show this user in the search results, see Table 29-2.
Table 29-1 Search Terms That Find James Robert van Order
| Search Terms | Search Results |
|---|---|
| | All found in First Name ( Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Both found in Last Name ( Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Results show all users where first search term begins the First Name, or second search term begins the Last Name. |
| | Results show all users where first search term begins the First Name, or second search term begins the Last Name. |
| | Results show all users where first search term begins the First Name, or last search term begins the Last Name. Intervening term is ignored. |
| | Results show all users where first search term begins the First Name, or last search term begins the Last Name. Intervening terms are ignored. |
Table 29-2 lists search terms that will not show this user in the search results.
Table 29-2 Search Terms That Do Not Find James Robert van Order
| Search Terms | Search Results |
|---|---|
| | Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name. |
| | Results show all users where first search term begins the First Name, or second search term begins the Last Name. |
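The search rules in this section, modeled in Python as an added example (not Oracle's implementation and not code from this guide). It assumes prefix matching in which * stands for any run of characters; the function names and the two extra directory entries are constructed for illustration. Running a search string through it shows how broadly a short or multi-term search matches, which is worth confirming before you assign a role to a search result.

```python
import re

# Identity-store attributes the search operates on (OID attribute names from this section).
SEARCH_ATTRS = ("givenname", "sn", "mail", "uid", "cn")


def _begins(term, value):
    """Case-insensitive test that `term` begins `value`; '*' matches any run of characters.

    Assumption: the implicit match is a prefix match, so a leading '*' turns it
    into a substring match.
    """
    pattern = ".*".join(re.escape(part) for part in term.split("*"))
    return re.match(pattern, value, re.IGNORECASE) is not None


def matches(search, entry):
    """Return True if `entry` would be listed for `search` under the documented rules."""
    terms = search.split()
    if not terms:
        # A blank search lists every user in the identity store.
        return True
    if len(terms) == 1:
        # One term: it may begin any of the five attributes.
        return any(_begins(terms[0], entry.get(attr, "")) for attr in SEARCH_ATTRS)
    # Two or more terms: first term against First Name OR last term against
    # Last Name; intervening terms are ignored.
    return (_begins(terms[0], entry.get("givenname", ""))
            or _begins(terms[-1], entry.get("sn", "")))


def search_users(search, directory):
    """Return the User IDs of all entries that match `search`."""
    return [entry["uid"] for entry in directory if matches(search, entry)]


# Constructed sample directory: the example user from this section plus two made-up entries.
DIRECTORY = [
    {"givenname": "James Robert", "sn": "van Order",
     "mail": "jim.van.order@example.com", "uid": "jimbo", "cn": "Jim"},
    {"givenname": "Jane", "sn": "Vance",
     "mail": "jane.vance@example.com", "uid": "jvance", "cn": "Jane"},
    {"givenname": "Omar", "sn": "Ortiz",
     "mail": "omar.ortiz@example.com", "uid": "oortiz", "cn": "Omar"},
]

if __name__ == "__main__":
    for query in ("", "ji", "J", "order", "*order", "robert order", "x van"):
        print(repr(query), "->", search_users(query, DIRECTORY))
```

Because the two-term rule is an OR, a search such as "x van" still returns every user whose Last Name begins with "van", even though no First Name begins with "x".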
Adding Registered Users and Groups
As a portal manager, you can add any user currently registered with WebCenter Portal as a member of your portal. When the SOA server and WebCenter Portal workflows are configured, added users receive notification in their activity stream and through a mail message (if the SOA server is configured to send mail).
To add a member to your portal:
All the users and groups you select display in the Members section.
Note:
When adding groups, keep the following in mind:
- Names of user groups are clickable, enabling you to drill down to see individual user names of group members.
- A list of members does not display for dynamic groups based on Oracle Entitlements Server (OES) roles, since OES roles are based on dynamic attributes and therefore do not have any static members. For more information, see Configuring the Identity Store in Administering Oracle WebCenter Portal.
- For WebCenter Portal to properly maintain enterprise group-to-role mappings, back-end servers, such as the content server, must support enterprise groups too. When back-end servers do not support enterprise groups, the message "Group [name] not found in the Identity Store" displays. For more information, see Troubleshooting Issues with Users and Roles in Administering Oracle WebCenter Portal.
Inviting a Registered User
As a portal manager, you can invite anyone who is currently registered with WebCenter Portal to become a member of your portal. Invited users receive notification through mail messages (if the SOA server is configured to send mail) and through their worklist (if the SOA server is configured to use Oracle BPM Worklist).
To invite someone to become a member of your portal:
If you want to cancel an invitation, delete the invited member from the list.
Invited users receive an invitation to join the portal through a mail message (if the SOA server is configured to send mail) and through their BPM worklist (if the SOA server is configured to use Oracle BPM Worklist) with the message you composed in Step 2. The invitation includes a secure URL that the invited party must click to register with WebCenter Portal before gaining access to your portal.
Inviting a Non-Registered User
If your system administrator has allowed non-registered people to self-register, portal managers can invite anyone with a valid mail address to join the portal. Prospective members receive an invitation by mail (if the SOA server is configured to send mail), inviting them to join the portal. Upon accepting the invitation, non-registered users are prompted to register with WebCenter Portal before gaining access to the portal.
To invite someone outside the WebCenter Portal community to join your portal:
Prospective members receive a mail invitation (if the SOA server is configured to send mail) to join the portal with the message you composed in Step 2. The invitation includes a secure URL that the invited party must click to register with WebCenter Portal before gaining access to your portal. If invited users experience no response when they attempt to register with WebCenter Portal, they should refresh their browser and try again.
Allowing a Registered User to Self-Subscribe
Self-subscription enables existing WebCenter Portal users to request membership without an invitation from the portal manager. Certain types of portals, especially interest-based communities, are particularly suited to this form of member enrollment as the portal often reaches a wider audience.
The capabilities of self-service members depend on which roles you decide to offer on the Request Membership page. For more information, see Managing Self-Service Membership for a Portal.
If a user's self-subscription request is pending approval by the portal manager, the user's attempt to access the portal opens the Home portal. When a user is a member of a portal, the user's attempt to access the portal opens the first accessible page of the portal.
Assigning or Changing Member Role Assignments
A portal manager can change a member's role at any time, or assign more than one role to a member or group. Users are notified of membership changes through their BPM worklist (if the SOA server is configured to use Oracle BPM Worklist) or by email (if configured).
Note:
You can assign more than one role to a member or group. If you want a member or group to have the permissions inherent in two or more roles, you can assign the appropriate roles to the member. The ability to assign multiple roles to a member or group eliminates the need to create new roles in such instances.
To assign or change a member's current role in a portal:
Note:
Before assigning roles, you must create roles, as described in Defining Custom Roles for a Portal.
Approving Requests for Membership of a Portal
Note:
To view and use worklist notifications, WebCenter Portal must be configured to a SOA server and you must be set up to use Oracle BPM Worklist. For more information about approving requests using Oracle BPM Worklist, see Approving Tasks in Administering Oracle SOA Suite and Oracle Business Process Management Suite.
If you want to approve a membership request, you must select the option Portal Manager Approval Required in the Membership Options dialog (see Managing Self-Service Membership for a Portal). As a portal manager, you receive notifications in your BPM Worklist to approve or reject requests for portal membership or a new role in the portal.
For more information, see Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.
The person making the request receives notification of your decision. If you reject a request, you can enter the reason for the rejection.
Communicating with Managers and Members of a Portal
You can send messages to individual members, and also to the portal manager(s) or all the members of a portal. WebCenter Portal creates a default distribution list for every portal if the Mail server is Microsoft Exchange and Active Directory connection details (LDAP) are provided in the mail server connection settings. As members leave or join the portal, the default distribution list updates automatically.
For information about setting up a custom portal mail distribution list, see Configuring the Mail Distribution List for a Portal.
Any user can send mail to the members or the portal managers of a portal from the portal browser or when viewing a portal, as described in Sending Mail to Portal Members or Managers in Using Portals in Oracle WebCenter Portal.
Portal managers can also send mail to all members or individual members of a portal from the Members page: