1. WebCenter Sites Help
  2. Authorizing Users to Access Application Resources

48 Authorizing Users to Access Application Resources

back to WebCenter Sites Help

Before authorizing users to access application resources, see “REST Authorization” in Administering Oracle WebCenter Sites for background information relating to the steps provided in the following topics:

  • Viewing REST Security Configurations

  • Creating a Group

  • Adding Users to a Group

  • Configuring Security for REST Resources

Note:

To configure security for REST resources, you to must assign privileges to groups. To view the list of groups, continue with the section “Viewing REST Security Configurations”. To create groups, see the section “Creating a Group”.

Viewing REST Security Configurations

A security configuration identifies which groups have which permissions to which REST resources. WebCenter Sites defines security configurations for two default groups. They are RestAdmin and SiteAdmin_AdminSite.

To view REST security configurations:

  1. Log in to the WebCenter Sites Admin interface as a general administrator.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, and then double-click Configure Security.

    The Security Configurations window opens in the main window.

  3. Depending on your requirements, continue as follows:

    • To create a group, see the section “Creating a Group”.

    • To add users to a group, see the section “Adding Users to a Group”.

      Note:

      To complete this step, ensure that the required groups exist. You must assign privileges to the groups.

    • To configure security privileges for REST resources, see the section “Configuring Security for REST Resources”.

Creating a Group

To create a group:

  1. Log in to the Admin interface as a general administrator.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, expand the Groups node, and then double-click Add New.

  3. In the Add New Group form, enter a name and brief description about the group you want to create.

  4. Click Save.

    The group you created is now listed under the Groups node.

  5. Now that you have created a group, you can:

    • Add users to the group. For instructions, see the section “Adding Users to a Group”.

    • Configure REST security for the group. For instructions, see the section “Configuring Security for REST Resources”.

Adding Users to a Group

Add users to a group to determine the permissions that they will have to operate on REST resources associated with applications.

  1. Log in to the Admin interface as a general administrator.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, expand the Assign Users to Groups node, and then double-click Add New.

  3. In the Assign Groups to User form, select users and assign them to any combination of the listed groups.

    Note:

    If the user you want to assign to the group is not listed, that user is a member of a group. To assign the user to another group, see step 5.

  4. Click Save.

    The user names you selected are listed under the Assign Users to Groups node. To view the groups that include a particular user, double-click the user name.

  5. (Optional). If the name of the user you want to assign to a given group is not displayed in the User Name field, do the following:

    1. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, expand Assign Users to Groups, and then double-click the name of the user you want to assign to another group.

    2. In the Inspect form, click Edit to open the Edit User Groups form.

    3. In the Groups field, select the groups to which you want to assign the user, and then click Save.

  6. Now that you have added users to a group, you can do the following:

    • Create a group. For more information, see the section “Creating a Group”.

    • Configure security for a group. For more information, see the section “Configuring Security for REST Resources”.

Configuring Security for REST Resources

When configuring security, you specify which object types and objects must be accessible to groups, and which actions the groups can perform on the objects.

To configure security for REST resources:

  1. Log in to the Admin interface as a general administrator.

  2. In the General Admin tree, expand the Admin node, expand the User Access Management node, expand the REST Security node, expand the Configure Security node, and then double-click Add New.

  3. In the Add New Security Configuration form, set security for object types and objects.

    These two tables show a summary of possible security configurations.

Action Description

Create

Group members can create specified resources.

Delete

Group members can delete specified resources.

List

Group member can retrieve specified resources.

Read/Head

Group members can read specified resources. Read returns the requested resources. Head returns metadata describing the requested resources.

Update

Group members can modify specified resources.

Note: Create and Update are each paired with the Read/Head privilege. Assigning one of these privileges to a group automatically assigns the Read/Head privilege to the group.

Object Type Name Subtype Site Possible Actions

ACLs

Any

N/A

N/A

List

Application (see note 1)

Any

N/A

N/A

Create, Update, Delete

Application

AppName

N/A

N/A

Update, Delete

Asset

Any

N/A

Any

List, Read/Head, Create, Update, Delete

Asset

Any

N/A

SiteName

List, Read/Head, Create, Update, Delete

Asset

AssetType

N/A

SiteName

List, Read/Head (see note 2), Create, Update, Delete

Asset

AssetType and AssetName

N/A

SiteName

Read/Head, Update, Delete

AssetType

Any

N/A

N/A

List, Read/Head, Create, Delete

AssetType

AssetType

N/A

N/A

Read/Head, Delete

AssetType

AssetType

Any

N/A

List

AssetType

AssetType

Subtype

N/A

Read/Head

Group

Any

N/A

N/A

List

Group

GroupName

N/A

N/A

Read/Head

Index

Any

N/A

N/A

List, Read/Head, Create, Update, Delete

Index

IndexName

N/A

N/A

Read/Head, Update, Delete

Role

Any

N/A

N/A

List, Read/Head, Create, Update, Delete

Role

Role

N/A

N/A

Read/Head, Update, Delete

Site

Any

N/A

N/A

List, Read/Head (see note 3), Create, Update, Delete

Site

SiteName

N/A

N/A

Read/Head, Update, Delete

User

Any

N/A

N/A

List, Read/Head, Create, Update, Delete

User

UserName

N/A

N/A

Read/Head, Update, Delete

UserDef

Any

N/A

N/A

List

UserLocales

Any

N/A

N/A

List

For more information, see the REST security topics in Administering Oracle WebCenter Sites.

Note:

  1. For an example of setting security for applications, see step 3.

  2. READ allows reading associations on the named site.

  3. READ allows reading users and asset types on the named site.