1. Administering Oracle WebCenter Sites
  2. Managing Users and Security
  3. Configuring Users, Profiles, and Attributes

12 Configuring Users, Profiles, and Attributes

You can create users in WebCenter Sites, as well as configure their profiles and user attributes.

For more information about creating users in external sources, see the product documentation:

About Creating WebCenter Sites Users

You can create users in WebCenter Sites through WebCenter Sites native user manager, through WEM Admin, or through external user managers such as LDAP.

Every WebCenter Sites user is defined by the following set of data:

  • User account, which gives the user access to the WebCenter Sites system and its database tables.

  • User profile, which is required for users who are working with:

    • WebCenter Sites applications

    • Language packs and setting a default language

    • Workflow processes, in which email messages are sent to notify workflow participants of their assignments. The user profile supports workflow actions by mapping a user name to an email address.

  • User attributes (in addition to the email and locale attributes in the user profile), if actions and events in addition to workflow must be supported.

After users are created and configured, they must be associated, by means of roles, with the sites they are to work in. (Procedures for associating users with sites are given in Assembling Content Management Sites.)

Understanding User Management Options

To connect to external directory servers or user managers that contain authentication information, user information, and so on; use WebCenter Sites Directory Services API to enable your WebCenter Sites system.

The following connection options are available:

  • Central Authentication Service (CAS) —the WebCenter Sites native user manager, which uses the native WebCenter Sites user management tables SystemUsers and SystemUserAttrs.

  • Oracle Access ManagementWebCenter Sites integrates with Oracle Access Management to provide a seamless single-sign on experience. For maximum security, Oracle highly recommends using this authentication method on production environments.

  • LDAP directory—with this option, user names and attributes are stored in an LDAP directory server rather than in the WebCenter Sites database. For maximum security, Oracle highly recommends using this authentication method as an alternative to Oracle Access Management integration on production environments.

Because WebCenter Sites security is based on ACLs, any external user management system (such as Oracle Access Management or an LDAP directory) must be configured to match the WebCenter Sites ACLs.

Information about switching to an external authentication solution is given in Switching to External Authentication in Installing and Configuring Oracle WebCenter Sites. Properties that configure the plug-ins are located in the wcs_properties.json and ldap.ini files. The files are described in Properties in the User Category in Property Files Reference for Oracle WebCenter Sites.

Note:

This guide uses the native (CAS) WebCenter Sites user manager throughout.

The following topics provide information about your user management options:

Understanding Native WebCenter Sites User Manager

If you are using the native WebCenter Sites user manager, follow the guidelines in Roadmap for Administering WebCenter Sites to create and configure users, and then grant them access to the management system.

Understanding the LDAP Plug-In

If you are using LDAP to manage your users on either the management or the delivery system, you create user accounts with LDAP rather than with the WebCenter Sites administrator's interface. However, you must still use the administrator's interface to create ACLs and roles in the WebCenter Sites database.

Configuring Users in WebCenter Sites

You can configure users in WebCenter Sites and thereby edit and maintain a user account, user profile, and, if necessary, user attributes.

Familiarize yourself with the concepts of user account, user profile, and, if necessary, user attributes as follows:

  • A user account is required for anyone who is to work with WebCenter Sites.

  • A user profile is required for users who work with WebCenter Sites modules and products, setting a default language, and participating in workflow processes in which email messages are sent.

  • User attributes, in addition to the locale and email attributes in the user profile, could be required for your operation. If so, the additional attributes can be created.

When you have created the user, you must enable that user for the appropriate sites by assigning roles to the user name for each site the user will work in. See Granting Users Access to a Site (Assigning Roles to Users).

After you have created and enabled a new user, be sure to give that user the following information:

  • The user name/password combination of the user account.

  • The URL to the WebCenter Sites:

    http://<server>:<port>/<context>/login

    where

    <server> is the host name or IP address of the system running WebCenter Sites. Depending on how the system was set up, you might also have to include the port number— server:8080 for example; and

    <context> is the name of the web application on the same server.

See the following topics for instructions on creating modifying and deleting user accounts, profiles, and attributes:

Working with User Accounts

To control and manage user accounts, you can create, edit, and delete users in the WebCenter Sites administrator's interface.

The following topics provide procedures for creating, editing, and deleting users in the WebCenter Sites administrator's interface.

Note:

If you are using LDAP, see the LDAP product documentation. If you are using WEM Admin, see Managing Users in the WEM Admin Interface.

Also, be sure to substitute the word "group" for the word "ACL" when reading that guide, and create users who belong to the groups with these names.

Creating a User in the Admin Interface

The following task provides information and instructions about creating a user in the Admin interface.

Note:

If you are using LDAP, see the LDAP product documentation.

Before creating a user, determine the user's:

To Create a User in the Admin Interface

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click User.

  2. In the User form, select Add User and click OK.

    You can add a user name before clicking OK; it will appear auto-filled in the Login Name field on the next form.

    The Add User form opens.

    Figure 12-1 Add User Form

    Description of Figure 12-1 follows
    Description of "Figure 12-1 Add User Form"

  3. Fill in the fields in the Add User form:

    1. In the Login Name field, enter a unique name. Do not include spaces or special characters, such as punctuation. The underscore character (_) is allowed.

    2. In the Access Privileges list, select ACLs for the user. To select multiple ACLs, Ctrl-Click each ACL; you can also select a range of ACLs by selecting the first and last ACL in the range with Shift-Click.

    3. Enter the same password into the Password and Re-Enter Password fields.

    4. Click Add.

      The user is created.

You can create a general administrator. For more information about making the user an administrator or a content contributor, see Creating Common User Types.

To Follow Up With Post-Creation Procedures

  1. If the user implements any of the following options, create a profile for the user:

    • Oracle WebCenter Sites products such as Oracle WebCenter Sites: Engage.

    • Language packs and different languages.

    • Workflow processes that send email messages.

    See Creating and Editing a User Profile.

  2. If the user requires attributes in addition to or in place of locale and email (specified in the user profile), create the attributes. For instructions, see Modifying, Adding, and Deleting User Attributes.

  3. After the user has been completely defined, you must associate the user with a site by means of roles.

    1. If you have not done so, create roles for the user, following instructions in Creating a Role From the Admin Interface.

    2. To associate the user to the site, create the site and add the user to the site. For instructions, see Creating a Site From the Admin Interface and Granting Users Access to a Site (Assigning Roles to Users).

Creating Common User Types

When creating a user, it is important to consider the roles that the user will have on separate websites. In many cases, a user could be an administrator on one site and a content contributor on another. The following topics detail how to make each user a specific type of user.

Making the User a General Administrator

The general administrator for a site controls all aspects of the site. You should be aware that when a user is a general administrator, their administrative actions can only be controlled when they are logged in to the one site, however, they can administrate all sites when logged in.

  1. For the newly created user, ensure that it has the correct ACLs assigned to it.

    To determine the ACLs for a user, see Required ACLs for Custom Users. Looking at the table there, you can see that the ACLs for a general administrator are Browser, Element Reader, PageReader, UserReader, xceleditor, xceladmin, TableEditor, UserEditor, and VisitorAdmin.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, expand the Assign Users to Groups node, and then double-click Add New.

    The Assign Groups to User form opens.

  3. Select the user to make a general administrator, and then select RestAdmin in the Groups field.

    You can use Ctrl-Click to select multiple users or groups, but as you will likely make few general administrators, it is suggested you add them one at a time to ensure you do not accidentally add a user to the RestAdmin group.

  4. In the General Admin tree, expand the Admin node, expand the Sites node, and then select the site to add the user to.
  5. Click Users.

    The User Role Management form opens.

    This form is also available under Site Admin tab. Double-click Users if you are logged in to the specific site.

  6. Enter the login information for the user, and then click the Edit icon.

    The Edit Roles for User form opens.

  7. Select GeneralAdmin and any other roles you wish the user to have on this website.

    Note:

    The names of roles used in this documentation are the names of the roles used in the FirstSiteII example website that comes installed. You can choose to use different roles or role names with your published website.

    When adding a general administrator to a site, consider if you will want the same person to have different roles on a different site. You will have to assign these roles to the user when logged in to the site or sites you want to assign these different roles for the user on.

    When a user has general administrator rights, the Admin tab will only appear when they are logged into the website (or websites) where they have the general administrator role.

Making the User a Site Administrator
  1. For the newly created user, ensure that it has the correct ACLs assigned to it.

    To determine the ACLs for a user, see Required ACLs for Custom Users. Looking at the table there, you can see that the ACLs for a site administrator are Browser, Element Reader, PageReader, UserReader, xceleditor, and xceladmin.

  2. In the General Admin tree, expand Admin, then Sites, and then expand the site to add the user to.
  3. Double-click Users.

    The User Role Management form opens.

    This form is also available under the Site tree, by expanding Site Admin, and then double-clicking Users under the site you are logged in to.

  4. In the Username field, enter the name of the user, and then click Select.
  5. In the User Role Management form, click the Edit icon next to the user’s name.

    The Edit Roles for User form opens.

  6. In the Roles field, select SiteAdmin and Advanced User and any other roles you wish the user to have on this website. The SiteAdmin role grants the user access to the Site Admin tab, the AdvancedUser role grants access to the Admin interface.
  7. Click Save.
  8. In the General Admin tree, expand Admin, then User Access Management, then REST Security, and then Assign Users to Groups.
  9. Click Add New.
  10. Select the user to make a site administrator, and then select SiteAdmin_AdminSite in the Groups field.

    You can use Ctrl-Click to select multiple users or groups, but as you will likely make few site administrators, it is suggested you add them one at a time to ensure you do not accidentally add a user to the SiteAdmin_AdminSite group.

  11. Click Save.

Note:

The names of roles used in this documentation are the names of the roles used in the avisports sample site that comes installed. You can choose to use different roles or role names with your published website.

When adding a site administrator to a site, consider if you will want the same person to have different roles on a different site. You will have to assign these roles to the user when logged in to the site or sites you want to assign these different roles for the user on.

When a user has site administrator rights, the Site tree will only appear when they are logged into the website (or websites) where they have the site administrator role.

Making the User a Workflow Administrator
  1. For the newly created user, ensure that it has the correct ACLs assigned to it.

    To determine the ACLs for a user, see Required ACLs for Custom Users. Looking at the table there, you can see that the ACLs for a workflow administrator are Browser, Element Reader, PageReader, UserReader, xceleditor, and xceladmin.

  2. In the General Admin tree, expand the Admin node, and then expand the site to add the user to.
  3. Double-click Users.

    The User Role Management form opens.

    This form is also available under the Site tree by expanding Site Admin node, and then double-clicking Users node if you are logged in to the specific site.

  4. In the Username field, enter the name of the user, then click Select.
  5. In the User Role Management form, click the Edit icon next to the user’s name.
    The Edit Roles for Users form opens.
  6. In the Roles field, select WorkflowAdmin and AdvancedUser, and any other roles you wish the user to have on this website. The WorkflowAdmin role grants the user access to the Workflow node (under the Admin node in the General Admin tree), and the AdvancedUser role grants access to the Admin interface.

    Note:

    The names of roles used in this documentation are the names of the roles used in the FirstSiteII example website that comes installed. You can choose to use different roles or role names with your published website.

    When adding a workflow administrator to a site, consider if you will want the same person to have different roles on a different site. You will have to assign these roles to the user when logged in to the site or sites you want to assign these different roles for the user on.

    When a user has workflow administrator rights, the Workflow tab will only appear when they are logged into the website (or websites) where they have the workflow role.

  7. Click Save.
Making the User a Content Contributor

For the newly created user, ensure it has the correct ACLs assigned to it.

To determine the ACLs for a user, see Required ACLs for Custom Users. Looking at the table, you can see that the ACLs for all users are Browser, ElementReader, PageReader, UserReader, and xceleditor. You may want to add additional ACLs required for a content contributor, depending on the type of content you want the user to contribute.

For example, the PageEditor ACL would allow the user to add pages to the site, and modify the content based on the defined elements. The ElementEditor ACL would allow the contributor to create templates. For more information about the specific ACLs and how they impact the contributor's editing access, see System Defaults.

The user does not require additional ACLs if you only want them to modify existing content on a page. Simple editing is contained in the assigned role.

  1. Open the General Admin tree, then expand the Site node, and then expand the site to add the user.
  2. Click Users.

    The User Role Management form opens.

    This form is also available under Site tree by expanding Site Admin and then double clicking Users under the name of the site you are logged in to.

  3. In the Username field, enter the name of the user, and then click Select.
  4. In the User Role Management form, click the Edit icon next to the user’s name.
  5. In the Roles field, select the SitesUser role.

    It may be necessary to add different roles depending on how the roles are connected to the assets. When assets are created, they are connected to roles. These roles are the only roles that have access to the asset.

    Note:

    Typically you would not assign a user the SitesUser role and the AdvancedUser role for the same website. The SitesUser role grants access to the Oracle WebCenter Sites: Contributor interface; the AdvancedUser role grants access to the Admin interface.

    The names of roles used in this documentation are the names of the roles used in the FirstSiteII example website. You can choose to use different roles or role names with your published website.

    Most content contributors do not require roles on the website beyond SitesUser, depending on how you have set up the different assets. Content contributors will make changes to the content only through the Contributor interface, and not through the Admin interface that administrators use.

  6. Click Save.

Editing a User From the Admin Interface

The following steps show you how to edit users in the WebCenter Sites Admin interface. If you are using LDAP, see the LDAP product documentation.

To edit a user:

Caution:

Do not change the names or ACLs of WebCenter Sites system users (DefaultReader, ContentServer, xceladmin).

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click User.
  2. In the form that opens, enter the name of the user you want to work with. If you do not know the user name, leave the field blank; WebCenter Sites will return a list of all users in the system.
  3. Select Modify User and click OK.
  4. In the list of users, select the user you want to work with.
  5. In the Modify User form, make the changes, then click Modify.

Deleting a User from the System Using the Admin Interface

The following steps shows you how to delete users from the WebCenter Sites system using the WebCenter Sites Admin interface. If you are using LDAP, see the LDAP product documentation.

Note:

Before deleting a user(internal, that is stored in Sites database or external, that is LDAPs), ensure that all the resources belonging to the user have been released. For example, if there are any assets checked-out by the user, they should be released. Also, if the user is part of any workflow step, he should be removed from workflow.

Caution:

Do not delete any of the WebCenter Sites system users (fwadmin - or the users used as admin, ContentServer, or DefaultReader).

  1. Delete the user profile, as shown in Deleting a User Profile in the Admin Interface.
  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double-click User.
  3. In the form that opens, enter the name of the user you want to delete. If you do not know the user name, leave the field blank; WebCenter Sites will return a list of all users in the system.
  4. Select Delete User and click OK.
  5. In the list of users, select the Delete radio button next to the user you want to delete.
  6. Click Delete.

    A warning message opens.

  7. Click OK.

    The user is deleted from the WebCenter Sites system.

Working with User Profiles and User Attributes

A user profile defines a user and its access and roles and user attributes make up a user profile.

A user profile is required for any user who works with the following:

  • Sites modules and products.

  • Language packs.

  • Workflow processes in which email messages are sent to notify workflow participants of their assignments. The user profile supports workflow actions by mapping a user name to an email address.

A user profile holds a set of user attributes. By default, the only user attributes a user profile holds are:

  • The email attribute, which is used to support workflow actions and takes the user's email address as a value. You can create workflow actions that send workflow participants email about the assets that are assigned to them.

  • The locale attribute, which is used to determine which language to use for a given user. This attribute takes the user's preferred location as a value.

  • The timezone attribute, which is used to determine which time zone to use for a given user. This attribute takes the user's preferred time zone as a value.

If the user was created in the WEM Admin interface, the avatar is also an attribute. You can add more user attributes and store values for them in the WebCenter Sites user management tables. However, to use these values in the WebCenter Sites interfaces requires you to customize the elements that display the user profile forms. See Customizing Oracle WebCenter Sites in Developing with Oracle WebCenter Sites.

This section covers the following topics:

Creating and Editing a User Profile

If you are using LDAP, be aware of system responses to user and site management operations. For more information about these system responses, see Users, Sites, and Roles in LDAP‐Integrated Sites Systems.

To create or edit a user profile:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double-click User Profiles.

    The User Profile Management form opens.

  2. In the form, enter the user name and click Select.

    The profile of the selected user opens.

  3. Click the Edit icon.

    The Edit User Profile form opens.

    Figure 12-2 Edit User Profile Form

    Description of Figure 12-2 follows
    Description of "Figure 12-2 Edit User Profile Form"
  4. In the Email field, enter the user's email address.
  5. (Optional) Select a locale preference for this user from the Locale Preference drop-down list. The user's local preference overrides the language preference for the WebCenter Sites system (which is set from the Locale Manager).

    Note:

    If you do not set a locale preference for the user (No preference is selected in the Locale Preference drop-down list), the WebCenter Sites interfaces display in the language set for the WebCenter Sites system.

  6. (Optional) In the Time Zone drop-down list, select the user's time zone preference. If you do not specify a time zone preference (Auto-Detected is selected in the drop-down menu), the system will automatically detect the time zone of the user from the user's browser.
  7. Click Save.
  8. Enable this user for the sites the user must to work with. For instructions, see Granting Users Access to a Site (Assigning Roles to Users).

Deleting a User Profile in the Admin Interface

To delete a user profile:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double-click User Profiles.

    The User Profile Management form opens.

  2. Click Delete.

    A warning message opens.

  3. Click Delete User Profile.

    A message confirming the deletion opens.

    Note:

    Before deleting a user(internal, that is stored in Sites database or external, that is LDAPs), ensure that all the resources belonging to the user have been released. For example, if there are any assets checked-out by the user, they should be released. Also, if the user is part of any workflow step, he should be removed from workflow.

Modifying, Adding, and Deleting User Attributes

By default, the only user attributes that the WebCenter Sites content applications require are an email address and locale preference. Users created in WEM will additionally have an avatar attribute. You use the user profile feature to assign these attributes to a user, as shown in Creating and Editing a User Profile. If you have to, you can store and use additional user attributes for your users in this table, even if you are using LDAP.

Note:

If LDAP is integrated with WebCenter Sites, user attributes such as locale, timezone, and email are stored in LDAP; and these attributes are not editable in WebCenter Sites.

The Modify User Attributes option allows you to modify the attributes that are used in the user profile. It also allows you to add and delete attributes.

To modify a user's attributes:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double-click User.
  2. In the form that opens, enter the name of the user you want to work with. If you do not know the user name, leave the field blank; WebCenter Sites will return a list of all users in the system.
  3. Click the user name in the list that whose attributes you want to modify.

    The User Attributes form opens.

    Figure 12-3 User Attributes Form

    Description of Figure 12-3 follows
    Description of "Figure 12-3 User Attributes Form"
  4. In the fields of the User Attributes form, complete at least one as required:

    • Change the current value (or values) assigned to an attribute by editing the contents of the Attribute Values field.

    • Add a new attribute by entering its name and at least one value in the fields at the bottom of the form.

    • Delete any unwanted attributes by deleting the associated value (in the Attribute Values field).

  5. Click Modify.

    Your changes are committed to the database.