This section covers the following topics:
Context managers create a right by assigning a role to a user or group within a context.
A user or group can have only one directly assigned right per context. However, rights can be assigned to groups, and because such rights are inherited by all members of the group, users can have many rights within one context:
one directly assigned right
many indirectly assigned rights; that is, rights that have been inherited through membership of a group.
If a group right is revoked, the same right is also revoked for users within that group.
If a role is redefined by a domain administrator, rights created from that role are instantly changed to reflect that redefinition, and are propagated to all users with that role when they next synchronize with the server (Oracle IRM Server).
Note:
Only context managers can perform this procedure.Note:
This procedure requires access to the external directory of users that was referenced during installation of Oracle IRM Server. See Section 1.2, "Access to User Details".Context managers create a right by assigning a role to a user or group within a context.
Use the following procedure to create a right:
Click the Contexts tab to reveal the Contexts page.
On the left panel of the Contexts page, select the context in which you want to create rights.
On the right panel of the Contexts page, select the Rights tab.
Click the Assign Role button.
Complete the Assign Role wizard, noting the following:
On the Users/Groups page, you can select either users or groups. If you want to set up rights for both users and groups within the current context, use the wizard one time for users and a second time for groups.
You can select multiple users or groups to be granted the right, but you will be assigning the same role (on the Role page of the wizard) to all of them.
On the Role page of the wizard, you can view the features of a candidate role by selecting it from the Select Role drop-down list. The features are shown in the Selected Role Details area.
On the Documents page of the wizard, you can select a specific set of sealed documents to be associated with this right. Depending on how the role was set up, these documents are either the only ones that can be accessed, or are ones that cannot be accessed (the Restrictions notice on the dialog explains which of these apply). Use the Add button to open a dialog through which you can find a sealed document and associate it with this right. If the restriction is that access is allowed only to listed documents, and you do not list any documents, the right will be created, but any user having this right will not be able to access any sealed documents. See also Section 3.2, "Creating a Role".
Use the Review page to check that all the details for the right are as you want them. If there is anything that you want to change, use the Back button to return to previous pages and make the required changes.
When you are satisfied with the details on the Review page, create the new right by clicking Finish.
Note:
Only context managers can perform this procedure.Use the following procedure to modify a right:
Click the Contexts tab to reveal the Contexts page.
On the left panel of the Contexts page, select the context in which the right exists.
On the right panel of the Contexts page, select the Rights tab.
Select the user or group whose right you want to change.
You can select multiple users or groups, in which case you will be applying the same change to all selected users or groups.
If the user of a right is shown as "Not found", the user has become unavailable on the external identity store. See Section 1.2, "Access to User Details".
Click the Edit button.
On the Edit Role Assignment dialog, click the Role tab.
From the Assigned Role drop-down list, select a new role to be assigned to the user or group.
If multiple users or groups were selected on the Rights tab, the new role selected here will apply to all the selected users or groups.
To save the change and modify the right, click OK.
Note:
Only context managers can perform this procedure.Use the following procedure to remove a right:
Click the Contexts tab to reveal the Contexts page.
On the left panel of the Contexts page, select the context in which the right exists.
On the right panel of the Contexts page, select the Rights tab.
Select the row in the Rights table that represents the right you want to remove.
If the user of a right is shown as "Not found", the user has become unavailable on the external identity store. See Section 1.2, "Access to User Details".
To remove the right, click the Remove button.
You will be asked to confirm the removal.