13 Security Properties

The following topics provide information about each property associated with the Security category in the wcs_properties.json file:

13.1 About the Properties in the Security Category

Properties in the Security category determine how security is configured on both the management and the delivery systems. Before developers design the online site or make changes to the user interface on the management system, you must implement your security protocols using the Security properties in the WebCenter Sites wcs_properties.json file.

Additionally, Security properties in the Content Security subcategory allow you to configure content security protection for websites developed through WebCenter Sites. Content Security is a standard that enables you to determine whether pages returned by the browser can be embedded inside an iframe of some other website. For detailed information about Content Security, see the specification documentation about the Content Security Policy.

13.2 Properties in the Security Category

Table 13-1 provides a description for each of the properties in the JSON file associated with the Security category.

Table 13-1 Security Properties

Property Description

List of URIs the protected resource can load using script interfaces.

Subcategory: Content Security


Set the value to true to enable Content Security protection.

Default value: false

Subcategory: Content Security


Specifies a comma-separated list of attributes that a user is allowed to modify.

Currently, only password is supported.

For complete backward compatibility, set the property to blank to ensure that the user has write privileges to the SystemUsers table.

Default value: password


Comma-separated source list of default directives. For example: child-src,connect-src,img-src,object-src,script-src,style-src.

Subcategory: Content Security


Allowed hosts for embedding protected resource in iframes.

Possible values:
  • self blank: the pages from the current site can be embedded either by an ancestor frame that has the src attribute as about:blank or the current site itself.

  • about:blank: Required for WebCenter Sites to work because pages are made of frames that have #about:blank as src.

Subcategory: Content Security


Specifies variable names that are used as passwords and should be suppressed when ft.suppressPasswords is set to true.

The Cheetah installer now sets this property to: REMOTEPASS;pubtgt:factors;factors to suppress its mirror publish target passwords in the log.

Default value: REMOTEPASS;pubtgt:factors;factors


Prevents any input or session variables containing the strings "password" or "PASSWORD" in their names from being logged.

Default value: true

Specify false to include passwords in the log.


Restricts from where the protected resource can load images.

Subcategory: Content Security


Restricts from where the protected resource can load plugins.

Possible values:
  • self

  • blank

Subcategory: Content Security


Restricts which scripts the protected resource can execute.

Subcategory: Content Security


Defines the element used for managing the roles that users fulfill on sites in WebCenter Sites.

Default value: OpenMarket/Xcelerate/Actions/Security/AccessUserPublication


Contains a comma-separated list of functions for which permissions can be generated on an asset. If the value is empty, all possible functions will be displayed. Additional system-defined functions can be added to the list of default functions.

Default value: inspect,checkout,copy,edit,delete,rollback,approve


Contains a comma-separated list of roles that are not allowed to abstain from voting when assigned assets as part of the workflow process.

Default value: blank


Contains a comma-separated list of roles that are not allowed to approve assets for publishing.

Default value: blank


Contains a comma-separated list of roles that are not allowed to authorize privileges on assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to build Collection assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to check out assets explicitly from the revision tracking system.

Default value: blank


Contains a comma-separated list of roles that are not allowed to copy assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to delegate assigned assets to other participants in the workflow.

Default value: blank


Contains a comma-separated list of roles that are not allowed to delete assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to edit assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to inspect assets.

Default value: blank


Contains a comma-separated list of roles that are not allowed to create a site navigation by copying and pasting an existing site navigation in the SitePlan tree.

Default value: blank


Contains a comma-separated list of roles that are not allowed to place Page assets in the SitePlan tree.

Default value: blank


Contains a comma-separated list of roles that are not allowed to preview assets with their templates.

Default value: blank


Contains a comma-separated list of roles that are not allowed to remove assets from a workflow group.

Default value: blank


Contains a comma-separated list of roles that are not allowed to remove assets from workflow.

Default value: blank


Contains a comma-separated list of roles that are not allowed to roll back assets to a previous version.

Default value: blank


Contains a comma-separated list of roles that are not allowed to set export to disk (static publishing) starting point.

These users may still be allowed to approve and publish assets if some other users set the starting point.

Default value: blank


Contains a comma-separated list of roles that are not allowed to set nested workflow.

Default value: blank


Contains a comma-separated list of roles that are not allowed to set participants for workflow.

Default value: blank


Contains a comma-separated list of roles that are not allowed to set workflow process deadlines.

Default value: blank


Contains a comma-separated list of roles that are not allowed to set a deadline on a workflow step.

Default value: blank


Contains a comma-separated list of roles that are not allowed to share assets with other sites (other than the site the asset was originally created in).

Default value: blank


Contains a comma-separated list of roles that are not allowed to see the participants for a workflow.

Default value: blank


Contains a comma-separated list of roles that are not allowed to see the status screen for assets.

The Status option is available in the View menu when you have an asset open in the Oracle WebCenter Sites: Contributor interface. The Status page shows workflow and publishing information about the open asset. If the user belongs to one of the roles that is being denied the privilege to view the Status page, the Status option will be grayed out in the View menu.

Default value: blank


Contains a comma-separated list of roles that are not allowed to see the list of versions for an asset.

Note: The Show versions icon is not displayed on the asset's toolbar if the user belongs to one of the roles that is denied the privilege.

Default value: blank


Contains a comma-separated list of roles that are allowed to abstain from voting when assigned assets as part of the workflow process.

Default value: blank


Contains a comma-separated list of roles that are allowed to approve assets for publishing.

Default value: blank


Contains a comma-separated list of roles that are allowed to authorize privileges on assets.

Default value: GeneralAdmin,WorkflowAdmin,SiteAdmin


Contains a comma-separated list of roles that are allowed to build Collection assets.

Default value: blank


Contains a comma-separated list of roles that are allowed to check out assets from the revision tracking system.

Default value: blank


Contains a comma-separated list of roles that are allowed to copy assets.

Default value: blank


Contains a comma-separated list of roles that are allowed to delegate assigned assets to other participants in the workflow.

Default value: blank


Contains a comma-separated list of roles that are allowed to delete assets.

Default value: blank


Contains a comma-separated list of roles that are allowed to edit assets.

Default value: blank


Contains a comma-separated list of roles that are allowed to inspect assets.

Default value: blank


Contains a comma-separated list of roles that are allowed to place Page assets in the SitePlan tree.

Default value: blank


Contains a comma-separated list of roles that are allowed to preview assets with their templates.

Default value: blank


Contains a comma-separated list of roles that are allowed to remove assets from a workflow group.

Default value: blank


Contains a comma-separated list of roles that are allowed to remove assets from workflow.

Default value: blank


Contains a comma-separated list of roles that are allowed to roll back assets to a previous version.

Default value: blank


Contains a comma-separated list of roles that are allowed to set an export to disk (static publishing) starting point.

Default value: blank


Contains a comma-separated list of roles that are allowed to set nested workflow.

Default value: blank


Contains a comma-separated list of roles that are allowed to set participants for workflow.

Default value: blank


Contains a comma-separated list of roles that are allowed to set workflow process deadlines.

Default value: blank


Contains a comma-separated list of roles that are allowed to set a deadline on a workflow step.

Default value: blank


Contains a comma-separated list of roles that are allowed to share assets with other sites (other than the site the asset was originally created in).

Default value: blank


Contains a comma-separated list of roles that are allowed to see the participants for a workflow.

Default value: blank


Contains a comma-separated list of roles that are allowed to see the status screen for assets.

The Status option is available in the View menu when you have an asset open in the Contributor interface. The Status page shows workflow and publishing information about the open asset. If the user belongs to one of the roles that is being granted the privilege to view the Status page, the Status option will be grayed out in the View menu.

Default value: blank


Contains a comma-separated list of roles that are allowed to see the list of versions for an asset.

Note: The Show versions icon is displayed on the asset's toolbar if the user belongs to one of the roles that is granted the privilege.

Default value: blank
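
The two password-suppression entries in Table 13-1 (ft.suppressPasswords and the semicolon-separated variable-name list) can be modeled as follows; this is an added example, not WebCenter Sites code, and it shows which credential-like variable names fall outside the documented rule and so need to be added to the list. The function names, the mask string, exact matching on listed names, and the hint substrings are assumptions made for illustration.

```python
# Illustrative model of the documented suppression rule; not WebCenter Sites code.
MASK = "********"  # assumed placeholder; the product's real mask is not stated on this page
DEFAULT_LIST = "REMOTEPASS;pubtgt:factors;factors"  # default value given in Table 13-1


def parse_name_list(raw):
    """Split the semicolon-separated variable-name list into a set."""
    return {name.strip() for name in raw.split(";") if name.strip()}


def is_sensitive(name, extra_names):
    # Rule as documented: names containing "password" or "PASSWORD",
    # plus names listed explicitly (exact match is an assumption).
    return "password" in name or "PASSWORD" in name or name in extra_names


def redact_for_log(variables, suppress=True, extra_names_raw=DEFAULT_LIST):
    """Return a copy of the variables that is safe to write to a log."""
    if not suppress:  # models ft.suppressPasswords=false: values are logged as-is
        return dict(variables)
    extra = parse_name_list(extra_names_raw)
    return {k: (MASK if is_sensitive(k, extra) else v) for k, v in variables.items()}


def unprotected_candidates(variables, extra_names_raw=DEFAULT_LIST,
                           hints=("pass", "pwd", "secret", "token")):
    """Names that look like credentials but escape the documented rule."""
    extra = parse_name_list(extra_names_raw)
    return sorted(
        k for k in variables
        if not is_sensitive(k, extra) and any(h in k.lower() for h in hints)
    )


# Constructed sample of input/session variables.
SAMPLE = {
    "username": "editor1",
    "password": "hunter2",
    "REMOTEPASS": "mirror-secret",
    "pubtgt:factors": "target-secret",
    "Passwd": "not-covered",
    "apiToken": "also-not-covered",
}

if __name__ == "__main__":
    print(redact_for_log(SAMPLE))
    print("Add to the suppression list:", unprotected_candidates(SAMPLE))
```
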