40 System Defaults

If you see the system defaults data, you can get more information about the more routinely used default data, such as ACLs, roles, asset types, and tree tabs.

Topics:

ACLs

WebCenter Sites and its applications use several default ACLs to control user access to their features and functions. This section summarizes the permissions that can be specified in an ACL, and describes the default system ACLs.

This section covers the following topics:

Permissions

An ACL specifies a set of permissions. When an ACL is assigned to a database table, only the permissions specified in the ACL can be exercised on the database table. Only a user with the same ACL as the table can exercise those permissions.

The following table lists all the permissions that can be specified in an ACL.

Table 40-1 Permissions Supported by WebCenter Sites

Permissions Bit Mask (see note 1) Action

Read

1

Read data from a table.

Write

2

Write information to a table. (see note 2)

Create

4

Create a table.

Delete

8

Delete information from a table.

Retrieve

16

Retrieve the contents of a URL column, also known as an upload field. For more information about URL columns, see Indirect Data Storage with the WebCenter Sites URL Field in the Developing with Oracle WebCenter Sites.

Revision Tracking Audit

32

Access all the revision tracking information for the rows (records) in a tracked table.

Revision Tracking Admin

64

Assign or remove revision tracking on a table.

Note:

  • When an ACL is created, the bit mask numbers for each permissions assigned to an ACL are added together and the totals are listed with the ACL in the SystemACL table.

  • To add a row to a table, the user must have Create permission.

Accessing ACLs

ACLs and their permissions are accessible as either a listing or an individual entry.

  • To obtain the list of ACLs and their permissions, open the SystemACL table directly.

  • To obtain an individual ACL and its permissions, use the administrator's interface:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click ACLs.
  2. In the drop-down menu, select the ACL you want to work with.
  3. Select Modify ACL and click OK.

    Caution:

    Never modify a default system ACL. Never modify the SCLs assigned to any of the system tables.

System ACLs and Their Permissions

The following table lists the system ACLs and their permissions. Each system ACL exists to control access to specific parts of the database tables, and subsequently, the product features that use those tables. Although several of the default ACLs have the same set of permissions, the ACLs are all necessary because they are assigned to different tables.

Table 40-2 System ACLs and Their Permissions

ACL Name Read Retrieve Write Create Delete Rev. Track Audit Rev. Track Admin

Browser

Yes

No

No

No

No

No

No

ContentEditor

Yes

Yes

Yes

Yes

Yes

Yes

No

ElementEditor

Yes

Yes

Yes

Yes

Yes

Yes

No

ElementReader

Yes

No

No

No

No

No

No

PageEditor

Yes

Yes

Yes

Yes

Yes

Yes

No

PageReader

Yes

No

No

No

No

No

No

RemoteClient

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SiteGod

Yes

Yes

Yes

Yes

Yes

Yes

Yes

TableEditor

Yes

Yes

Yes

Yes

Yes

Yes

No

UserEditor

Yes

Yes

Yes

Yes

Yes

Yes

No

UserReader

Yes

No

No

No

No

No

No

Visitor

Yes

Yes

Yes

Yes

Yes

Yes

No

VisitorAdmin

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WsAdmin

No

No

No

No

No

No

No

WSEditor

No

No

No

No

No

No

No

WSUser

No

No

No

No

No

No

No

xceladmin

Yes

Yes

Yes

Yes

Yes

Yes

Yes

xceleditor

Yes

Yes

Yes

Yes

Yes

Yes

No

xcelpublish

Yes

Yes

Yes

Yes

Yes

Yes

No

The following table describes the functions of each ACL and how each ACL is used by Oracle WebCenter Sites and the WebCenter Sites content applications.

Table 40-3 System ACLs and Their Descriptions

ACL Name Description

Browser

Allows read-only access to the content in the WebCenter Sites database. It is assigned to most of the system default and sample site users.

WebCenter Sites requires that all visitors to an online site that it manages have user accounts. For this reason, WebCenter Sites is delivered with a default user account, named DefaultReader, that it assigns to all non-authenticated visitors, that is, those who do not have a user account of their own.

The Browser ACL is assigned to the DefaultReader user account, which gives non-authenticated visitors read-only access rights to the content in the WebCenter Sites database.

ContentEditor

Used in a sample WebCenter Sites site.

This ACL is assigned to the tables that support the sample site.

ElementEditor

Allows users to write data to the ElementCatalog and SystemSQL tables.

Site designers and anyone who creates templates, CSElement, and SiteEntry assets require this ACL.

ElementReader

Allows users to read data in the ElementCatalog and SystemSQL tables.

WebCenter Sites users require this ACL so they can inspect the templates assigned to their assets.

PageEditor

Allows users to create page entries in the SiteCatalog table.

Site designers and anyone who creates a template, CSElement, or SiteEntry asset requires this ACL.

PageReader

Allows users to read page entries from the SiteCatalog table.

WebCenter Sites users require this ACL so they can inspect the templates assigned to their assets.

RemoteClient

Grants users the ability to log in to the WebCenter Sites management system through a remote client.

SiteGod

Enables complete access to all the tables in the WebCenter Sites database.

At least one user of the management system, typically an administrator, must have the SiteGod ACL.

TableEditor

Allows users to create and delete tables in the WebCenter Sites database.

Site designers who create database tables or who create asset types (which causes tables to be created) require this ACL.

Administrators or anyone else who will use the Initialize Mirror Destination feature also requires this ACL.

UserEditor

Allows users to manage user accounts.

Administrators require this ACL.

UserReader

Allows user account information to be recognized by WebCenter Sites. WebCenter Sites uses this ACL to determine which users have which roles on which sites. All users require this ACL to be able to access the content management sites to which they are assigned.

Visitor

Grants users the ability to write data to the Oracle WebCenter Sites: Engage tables that store visitor data, and to create recommendation assets.

  • Any Engage user who requires to create Recommendation assets requires this ACL.

  • Any authorized visitor (of Engage assets) whose data you are collecting on the delivery system must have this ACL assigned to their user account.

  • All unauthorized visitors of the online site are automatically assigned this ACL (in the DefaultReader user account). See Understanding DefaultReader, secure.CatalogManager, and secure.TreeManager.

VisitorAdmin

Grants users the ability to create visitor attributes, history attributes, and history types. Any Engage user who requires to create assets of those types requires this ACL.

WSUser

Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.

WSEditor

Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.

WSAdmin

Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.

xceladmin

Grants users the ability to create user profiles, roles, sites, asset types, and so on—that is, to use all the functions in the Admin, Site Admin, and Workflow tabs.

System, site, and workflow administrators require this ACL. Also, because the Admin tab has both administrative and site design functions, site designers also require this ACL.

xceleditor

Grants users the ability to log in to the WebCenter Sites content applications. The login request code verifies whether a user has the ACL.

All users of the management system requires this ACL.

xcelpublish

Grants users the ability to view the Publish Console.

ACLs of Default Users

The following table describes which ACLs are assigned to the default users.

Table 40-4 Default Users and Their ACLs

User Name Browser Description

fwadmin

Browser

ElementEditor

PageEditor

PageReader

RemoteClient

TableEditor

UserEditor

UserReader

Visitor

VisitorAdmin

xceladmin

xceleditor

xcelpublish

wsadmin

wseditor

wsuser

Basic administrator user that WebCenter Sites creates so that you can begin configuring your WebCenter Sites content applications.

Do not delete this user unless another user with identical ACLs exists.

WebCenter Sites

(the installation's user account)

Browser

ContentEditor

ElementEditor

ElementReader

PageEditor

PageReader

SiteGod

TableEditor

UserEditor

UserReader

User account that the installation program creates during the installation of the products.

The name of this account is whatever the installers chose for it.

DefaultReader

Browser

Visitor

Browser is the ACL that WebCenter Sites assigns to non-authenticated site visitors on the delivery system. The Visitor ACL is also automatically assigned.

Required ACLs for Custom Users

The following table lists the ACLs that would be required by users based on common user descriptions.

Table 40-5 System ACLs Required by Users

User Required ACLs

All users

Browser, Element Reader, PageReader, UserReader, xceleditor

Workflow Administrator

Site Administrator

xceladmin

General Administrator

xceladmin, TableEditor, UserEditor, VisitorAdmin (for )

Site Designer

xceladmin, ElementEditor, PageEditor, TableEditor, Visitor (for ), Visitor Admin (for )

Users

Visitor

Users of Web Mode in the interface

Browser, ElementReader, PageReader, RemoteClient, UserReader, Visitor (for ), xceleditor

System Roles

The following table describes the system roles in , and the access the role has.

Table 40-6 System Roles

Role Description

GeneralAdmin

Default system role for global administrators.

Required for users who require access to the Admin tab (and all other possible functions) in the tree.

Note: A user with the GeneralAdmin role must also have the xceladmin ACL to use any of the functions in the Admin tab.

SiteAdmin

Default system role for site administrators.

Required for users who are administrators of selected sites and therefore require access to the Site Admin tab (which shows a subset of the functions in the Admin tab).

Assign the SiteAdmin role to users who will manage, but not create, other site users.

Note: A site user with the SiteAdmin role must also have the xceladmin ACL to use any of the functions on the Site Admin tab.

WorkflowAdmin

Default system role for workflow administrators.

Required for users who require access to the Workflow tab in the tree.

Note: A user with the WorkflowAdmin role must also have the xceladmin ACL to use any of the functions on the Workflow tab.

AdvancedUser

Grants users access to the Admin interface.

SitesUser

Grants users access to the interface.

System Asset Types

The following table lists the default asset types. Unlike custom asset types, system asset types cannot be deleted.

Table 40-7 System Asset Types

Asset Type Description

Attribute Editor

An attribute editor specifies how data is entered for a flex attribute when that attribute is shown on a New or Edit form for a flex asset or a flex parent asset. It is similar to a template asset. However, unlike a template asset, you use it to identify the code for to use when it shows an attribute in the interface—not when it shows the value of an attribute on your online site.

CSElement

Stores code (XML or JSP and Java) does not render assets. Typically, you use CSElements for common code to call from multiple templates (a banner perhaps). You also use CSElements to provide the queries that are required to create DynamicList recommendations in .

Collection

Stores an ordered list of assets of one type. You build collections by running one or more queries, selecting items from their resultsets, and then ranking (ordering) the items that you selected. This ranked, ordered list is the collection. For example, you could rank a collection of articles about politics so that the article about last night's election results is number one.

Dimension

Represents a locale in a site. You must create a Dimension asset for each locale you want to enable on the management system. To enable publishing of content in a given locale, you must publish the corresponding Dimension asset to the delivery system, and enable the locale in the site's dimension set.

Dimension Set

Defines which locales and locale filter are enabled on the online site. For locale filtering to work on the delivery site, you must create and publish to the delivery system at least one DimensionSet asset. Has no effect on the management system.

History Attribute

Individual information types that you group together to create a vector of information that treats as a single record. This vector of data is the history definition. For example, a history type called Purchases can consist of the history attributes SKU, itemname, quantity, and price. Available in .

History Definition

The vector of data in a History Attribute. This vector of data is the history definition. For example, a history type called Purchases can consist of the history attributes SKU, itemname, quantity, and price. Available in .

Page

Stores references to other assets. Arranging and designing page assets is how you represent the organization or design of your site. You design page assets by selecting the appropriate collections, articles, imagefiles, queries, and so on for them. Then, you position your page assets on the Site Plan tab that represents your site in the tree on the left side of the interfaces.

Promotion

Is a merchandising asset that offers some type of value or discount to your site visitors based on the flex assets (for example, products) that the visitor is buying and the segments that the visitor qualifies for. Available in .

Query

Stores queries that retrieve a list of assets based on selected parameters or criteria. You use query assets in page assets, collections, and recommendations. The database query can be either written directly in the New or Edit form for the query asset as a SQL query, or written in an element (with query tags or a as a search engine query) that is identified in the New or Edit form.

Recommendation

This is like an advanced collection. It collects, assesses, and sorts flex assets (products or articles, perhaps) and then recommends the most appropriate ones for the current visitor, based on the segments that visitor belongs to. Available in .

Segment

Assets that divide visitors into groups based on common characteristics (visitor attributes and history types). You build segments by determining which visitor data assets to base them on and then setting qualifying values for those criteria. For example, a segment could define people who live in Alaska and own fly fishing gear, or it could define people who bought a personal computer in the past six months, and so on. Available in .

SiteEntry

Represents a page or pagelet and has a CSElement assigned as the root element that generates the page. Template assets do not have associated SiteEntry assets because they represent both an element and a page.

Template

Stores code (XML or JSP and Java) that renders other assets into pages and pagelets. Developers code a standard set of templates for each asset type (other than CSElement and SiteEntry) so that all assets of the same type are formatted in the same way. Content providers can select templates for previewing their content assets without having access to the code itself or being required to code.

Visitor Attribute

Holds types of information that specify one characteristic only (scalar values). For example, you can create visitor attributes named Years of Experience, Job Title, or Number of Children. Available in .

Default Tree Nodes

The following table lists the default nodes in the tree in the WebCenter Sites Admin interface. These nodes are critical to WebCenter Sites. All features which stem from WebCenter Sites can be accessed through these nodes; they are automatically created upon installation.

Table 40-8 Default Tree Nodes in the WebCenter Sites Admin interface

Tab Description

Admin

Shows the administrative functions that affect all of the CM sites in the system. By default, only users with the default system role named GeneralAdmin have access to this tab.

Bookmarks

Holds a list of all bookmarked pages. Frequently-used pages can be marked and accessed from this tab to make finding them easier.

Connector Admin

Shows the administrative functions for administering WCC Connector.

History

Shows the assets that you worked with during the current session. All users see this tab as soon as they create, inspect, edit, or copy their first asset.

Mobility

Shows the administrative arrangement of mobile devices and their groupings. The administration of the mobile devices is done from here.

Site Admin

Holds a subset of the system-wide administrative functions. The subset applies only to the CM site that the SiteAdmin is logged in to. By default, only users with the default system role named SiteAdmin have access to this tab. This tab is useful if to individuals who manage access to individual CM sites, but who do not have to create users or sites.

Dev

A source for creating pages on your site. Some of these sources are: Templates, Product Definition, Content Definition, and other sources for the creating pages.

Site Navigation

Represents the layout and overview of the site. This tab shows each site that is controlled by WebCenter Sites. It lists the placed pages and the unplaced pages. The placed pages are pages which are created and have been integrated into the live site. Unplaced Pages are pages which are finished but are not integrated into the live site.

Workflow

Lists the workflow configuration functions. By default, only users with the Workflow Admin role have access to this tab.