1. WebCenter Sites Help
  2. Working with ACLs

52 Working with ACLs

This topic shows you how to create ACLs, edit, and delete custom ACLs; apply ACLs to the database tables and WebCenter Sites pages; and customize access restricted messages.

back to WebCenter Sites Help

Note:

When using an LDAP integration option, be aware of system response to user and site management operations. For information about system response, see “Users, Sites, and Roles in LDAP‐Integrated Sites Systems” in Administering Oracle WebCenter Sites.

  • Creating an ACL

  • Editing a Custom ACL

  • Deleting a Custom ACL

  • Assigning ACLs to Custom Tables

  • Assigning ACLs to WebCenter Sites Pages

Creating an ACL

Note:

When creating ACLs, consider the roles you are using to ensure that the ACLs are commensurate with the roles. For example, if you are creating a role that allows a user to create template assets, the user who is assigned that role must also be assigned the ElementEditor ACL, because creating templates writes data to the ElementCatalog table.

To create a new ACL:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click ACLs.

    The ACLs form opens.

  2. Select Add ACL and click OK. The value in the Select an ACL field does not matter at this point.

    The Add ACL form opens.

  3. In the ACL Name field, enter a unique name.

  4. Select the access privileges you want to assign to this ACL. For information about each privilege, see “Permissions” in Administering Oracle WebCenter Sites.

  5. Click Add.

    WebCenter Sites creates the ACL and writes it to the SystemACL table. The new ACL opens in the drop-down list in the form described in step 1 of this procedure.

  6. If you are using LDAP, create a group (on your LDAP server) that exactly matches the ACL you just created. After you create the group, assign it to the appropriate users.

Editing a Custom ACL

Caution:

Never modify any of the system ACLs. For a list of these ACLs, see “System ACLs and Their Permissions in Administering Oracle WebCenter Sites.

To edit a custom ACL:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click ACLs.

    The ACLs form opens.

  2. In the Select an ACL field, select the ACL to edit.

  3. Select Modify ACL and click OK.

    If the ACL you selected is a system ACL, an alert opens. Do not modify system ACLs.

  4. In the Modify ACL form, make the changes to the Description and Access Privileges. For information about the options, see “Permissions” in Administering Oracle WebCenter Sites.

  5. Click Modify.

    WebCenter Sites writes your changes to the SystemACL table.

Deleting a Custom ACL

Caution:

Never modify any of the system ACLs. For a list of these ACLs, see “System ACLs and Their Permissions in Administering Oracle WebCenter Sites.

To delete a custom ACL:

  1. If you are using LDAP, delete (from your LDAP server) the group corresponding to the ACL you are deleting.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click ACLs.

    The ACLs form opens.

  3. In the Select an ACL field, select the ACL to delete.

  4. Select the ACL from the drop-down list and click OK.

    A warning message opens.

  5. Click OK.

    The ACL has been deleted.

Assigning ACLs to Custom Tables

If you or the site designers create tables, you might have to restrict access to those tables by assigning ACLs to them. Typically, you assign ACLs to new tables when you create those tables. (For more information, see “Controlling User Access” in Developing with Oracle WebCenter Sites.

Note:

Do not assign additional ACLs (beyond the ones assigned by default) to system or core product tables.

To assign ACLs to an existing table:

  1. In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click Sites Database.

    The Sites Databaseform opens.

  2. Enter the name of the table to which you want to assign ACLs. If you do not know the name of the table you want to work with, do the following:

    • Leave the field blank. WebCenter Sites will return a list of all tables in the database.

    • Enter a partial name, ending with the wildcard character (%). WebCenter Sites will return a list of tables named similarly to your criteria.

  3. Select Modify Table and click OK.

  4. In the list of tables, select the table.

    The Modify Catalog form opens.

  5. In the ACL field, select the ACL(s) you want to assign to the selected table. To select multiple ACLs, Ctrl-click each ACL. You can also select a range of ACLs by selecting the first and last ACL in the range with Shift-click.

    Note:

    Do not change the value of the File Storage Directory field. For information about this field, look up the defdir property in Developing with Oracle WebCenter Sites.

  6. Click Modify.

Assigning ACLs to WebCenter Sites Pages

ACLs are nearly always set using the Oracle WebCenter Sites Explorer tool. However, administrators can assign ACLs to the page entry created for SiteEntry or template assets through a field in the Create or Edit form.

To assign ACLs to a SiteEntry asset:

  1. Find and open the SiteEntry asset to modify.

  2. In the Access Control Lists field, select the ACLs to assign to this asset.

  3. Save the asset.

The Access Control Lists field is available when creating a new SiteEntry asset as well. Assign ACLs when creating SiteEntry assets in the same way.

To assign ACLs to a template asset:

  1. Find and open the template asset to modify.

  2. Select the Element section.

  3. In the Access Control Lists field, select the ACLs to assign to this asset.

  4. Save the asset.

The Access Control Lists field is available when creating a new template asset as well. Assign ACLs when creating template assets in the same way.

To assign ACLs to pages that are not associated with a SiteEntry asset or a template asset, use the Oracle WebCenter Sites Explorer tool.