Topics:
Use the WEM Admin interface that runs on WebCenter Sites to manage the sites, applications, users, and roles for WebCenter Sites systems. Developers use it to create applications and integrate them with WebCenter Sites, but its main function is to define roles for users to create applications.
WEM Admin supports only general and site administrator functions. To access this interface, the WEM Framework must be running on WebCenter Sites, you must have access to AdminSite, and you must be assigned either the GeneralAdmin
or SiteAdmin
role.
SiteAdmin
role. The menu bar at the top of the WEM Admin interface displays the following options:
Sites: Click this option to view a list of all the sites on the WebCenter Sites system in which you are assigned either the GeneralAdmin
or SiteAdmin
role. If you are a general administrator, there is an Add Site option displayed above the list of sites. Click the Add Site option to create a new content management site.
Apps: Click this option to view a list of all the applications available to be assigned to the sites on your WebCenter Sites system.
Users: Click this option to view a list of all the users created for your WebCenter Sites system. If you are a general administrator, there is an Add User option displayed above the list of Users. Click this option to create a new WebCenter Sites user.
Roles: Click this option to view a list of all the roles that have been created for your WebCenter Sites system. If you are a general administrator, there is an Add User Role option displayed above the list of roles. Click this option to create a new user role for your WebCenter Sites system.
Down/Up arrow: Located at the top-right of the menu bar. Click the arrow to either open or close the applications bar. From the applications bar you can switch to another site or application, edit your WebCenter Sites profile, and log out of WebCenter Sites.
For more information about working in the WEM Admin interface and the functions you can perform in WEM Admin as either a general administrator or site administrator, see the following topics:
Use the WEM Framework's technology to develop applications and integrate them with Oracle WebCenter Sites. The WEM Admin interface enables you to manage applications centrally and authorizes users to use single sign-on facility to access the applications.
The WEM Framework requires a content management platform. The Framework runs on WebCenter Sites and ships with the WebCenter Sites Representational State Transfer (REST) API. Objects in the WebCenter Sites database, such as sites, users, and data model map to REST resources in the WEM Framework.
When implemented on the WEM Framework, applications communicate with the WebCenter Sites database through REST services. The applications appear in WEM Admin as list items on the Apps page. Administrators authorize users, which involves configuring access to applications and their resources.
Coupling the items as shown in Figure 11-2 enables applications for users.
Applications and users are assigned to sites through roles.
Sharing a role to a user and an application on the same site grants the user access to the application on that site.
ACLs are assigned to users, providing them with access to the system.
Using WEM Admin, general administrators can create and otherwise manage sites, applications, users, and roles. Groups and ACLs must be configured in the WebCenter Sites Admin interface. They are exposed in WEM Admin, in user accounts.
After the coupling is complete, users are authorized at the database, REST, and application levels.
Experienced WebCenter Sites administrators recognize that the WEM Admin interface extends the use of sites and roles to control access to applications. Roles can also be used within applications to protect interface functions (as in WebCenter Sites) and therefore regulate access to application content.
Unlike WebCenter Sites, WEM Admin does not expose the data model. The REST API does. In this respect, you can think of WEM Admin as strictly an authorization interface, supported by the WebCenter Sites Admin interface (for configuring ACLs and groups). The rest of this guide provides instructions on creating and authorizing users, and guidelines for managing sites.
You can work in the WEM Admin interface either as a general administrator or a site administrator.
This section covers the following topics:
A general administrator has complete control of the system and full permissions to the WEM Admin interface: Sites, Apps, Users, and Roles. Using WEM Admin, general administrators can add and delete sites, applications, users, and roles; modify their details; and perform authorization tasks.
A general administrator in the WEM Framework is a WebCenter Sites general administrator who is also specially configured for the WEM Framework. During the WebCenter Sites installation process, the default general administrator (fwadmin
) is automatically assigned to the RestAdmin
group for unrestricted access to REST services, and enabled on AdminSite
where the WEM Admin application runs by default. The default general administrator must not be deleted.
You can create equivalent general administrators, as many as necessary, and you must modify pre-existing general administrators by adding them to the RestAdmin group and AdminSite
(using the GeneralAdmin
role). Instructions are available in Creating and Authorizing Users.
General administrators assign specific administrators to selected sites, where the Site administrators manage site users and applications. When users are assigned the SiteAdmin role in a site other than AdminSite they are implicitly assigned the SiteAdmin
role in AdminSite
. You cannot assign users the SiteAdmin
role in AdminSite
only.
In the WEM Admin interface, site administrators can access the Sites form only. They can perform the following administrative tasks:
Assign and remove users to and from sites
Assign and remove applications to and from sites
Change the role assignments of site users
Change the role assignments of applications on the sites
A site administrator cannot create, modify, or delete sites, users, or roles. As a site administrator you determine how they are connected within the parameters of your site. Your permissions determine which forms and interface functions WEM Admin you can access.
You must specially configure site administrators for WEM on WebCenter Sites systems running the WEM Framework. You must assign them to the SiteAdmin_AdminSite
group, which is a default REST security group configured in the WebCenter Sites Admin interface.
Through the WEM Admin interface, you can enable the Admin interface and Contributor interface applications. Users can access these applications if you authorize them at the application level.
The Contributor and Admin interfaces are registered applications. They are listed on the Apps page of the WEM Admin interface.
You can configure the WebCenter Sites applications to run on the active WebCenter Sites CM sites to access these sites quickly. It is also important to remember that deleting sites from the WEM Admin interface deletes the sites from the system and from any applications where the sites are in use.
Before deleting or modifying sites from the WEM Admin interface, ensure that the sites are not active content management sites in the WebCenter Sites platform. When you attempt to delete a site you are prompted to confirm your decision. It is assumed that you have determined the status of the site.
The same applies to other objects, such as roles, with one difference: when you attempt to delete a role that is assigned to users and applications, you are presented with a list of dependencies which you must clear before you can delete the role.
In WEM Admin you can expose active WebCenter Sites CM sites for quick access by configuring the WebCenter Sites applications to run on those sites and assigning yourself to those sites. For example:
Though the sites created in the Admin interface are exposed in the Admin interface, you can update the sites outside the Admin interface. You can enable users to perform operations on the different nodes of the Sites trees from other interfaces such as WEM Admin interface and Contributor interface.
To enable the WebCenter Sites Admin interface tree and tabs for a WEM site:
Log in to the Admin interface as a general administrator.
Enable the relevant WebCenter Sites tree tabs for the site that you created in the WEM Admin interface.
Navigate to the WebCenter Sites tree and select the Admin tab.
Double-click the Tree node.
Individually select each tab you want to enable. For example, suppose you want to enable the Site Design tab:
From the list of tree tabs, click Site Design.
In the Tree Tab form, click Edit.
The Edit form for the Site Design tab opens.
In the Sites selection box, select sites on which the tab must be enabled.
Select roles that are allowed to access the tab.
Select content for the tab.
Click Save.
To enable additional tabs, click List all Tree Tabs at the bottom of the Edit form and repeat the steps above.
When you finish enabling the WebCenter Sites tree and tabs on the sites, continue to the next section to make sure the tree and the tabs are rendered properly.
To verify that the Tree Tabs are enabled:
The tabs you have enabled in the previous section are accessible only to users who share a role with each tab. Verify site by site that the tree and tabs are enabled.
Log in to the Admin interface as a user who shares role assigned to a given tab (or tabs).
Select the site. You should see the WebCenter Sites tree, along with the tabs you enabled for the site.
If the WebCenter Sites tree is not enabled, you see the following error message.
Verify the site and role assignments for the user and the tab.
To manage the WEM Framework that provides the technology to develop and implement applications for WebCenter Sites, you must follow few tips and instructions.
Before following instructions in the rest of this section, take note of a few tips:
(Optional) If you are experimenting with WEM sites, users, and roles you may want to distinguish them from dedicated WebCenter Sites CM sites, users, and roles. For example, you can add a description for the site/user/role, or add a prefix, such as "WEM", to the name. Note that after you create a site, user, or role, you cannot change its name.
ACLs are required for user accounts. Only general administrators can create ACLs and only in the General Admin tree under the WebCenter Sites Admin node.
When you assign a role to a user and an application, you grant the user access to the application in that site.
Applications can have role-protected interface functions. When you assign a role to a user and an interface function, you grant the user access to the interface function.
Groups provide access to REST resources. You must configure groups in the Admin interface.
Groups are used to control access to application resources.
If a custom-built application does not specify a predefined user, authorize application users at the application and REST levels.
If a custom-built application specifies a predefined user, authorize that user at the system, application, and REST levels. Authorize application users at the application level.
Use the WEM Admin interface to create and manage sites, applications, users, and roles.
Only general administrators can create, edit, and delete sites. The Sites form is accessible to general and site administrators.
To manage sites in the WEM Admin interface, see the following topics:
Adding an Application to a Site From the Sites List in the WEM Admin Interface
Assigning Users to a Site From the Sites List in the WEM Admin Interface
Reassigning Roles to a User from the Sites List in the WEM Admin Interface
Reassigning Roles to an Application from the Sites List in the WEM Admin Interface
Removing a User From a Site in the WEM Admin Interface Sites List
Removing an Application From a Site in the WEM Admin Interface Sites List
Note:
For general admins who want an alternative way to add an application to a site, see Managing Applications.Note:
For general admins who want an alternative way to assign users to a site, see Managing Users in the WEM Admin Interface.Caution: Reassigning user roles on a site in WEM can uncouple the user from certain applications on that site.
To reassign roles to a user:
Note: For general admins who want an alternative way to modify user roles in a site, see Reassigning Roles to a User from the Users List in the WEM Admin Interface.
Caution: Reassigning application roles on a site in WEM can uncouple the application from certain users on that site. To reassign roles to an application:
Note: For general admins who want an alternative way to modify application roles in a site, see Managing Applications.
Note: For general admins who want an alternative way to remove a user from a specific site, see Managing Users in the WEM Admin Interface.
Note: For general admins who want an alternative way to remove an application from a site, see Managing Applications.
Only general administrators can modify an application. The Apps form is accessible to general administrators only.
The following topics provide information about managing applications from the WEM Admin interface:
Note:
For an alternative way to add an application to a site, see Managing Sites in the WEM Admin Interface.Caution: Reassigning application roles on a site in WEM can uncouple the application from certain users on that site.
To reassign roles to an application:
Note: For an alternative way to modify application roles in a site, see Reassigning Roles to an Application from the Sites List in the WEM Admin Interface.
Note: For an alternative way to remove an application from a site, see Managing Sites in the WEM Admin Interface.
Only general administrators can create, edit, and delete users. The Users form is accessible to general administrators only.
The following topics provide information about managing users from the WEM Admin interface:
Creating a User in the WEM Admin Interface From the Users List
Enabling a User From the Users List in the WEM Admin Interface
Assigning a User to a Site From the Users List in the WEM Admin Interface
Editing a User From the Users List in the WEM Admin Interface
Reassigning Roles to a User from the Users List in the WEM Admin Interface
Removing a User From a Site in the WEM Admin Interface Users List
Deleting a WebCenter Sites User from the Users List in the WEM Admin Interface
Note: When you create a user, the user is able to log in. To access sites and applications, you must enable the user.
Note:
For an alternative way to add a user to a site, see Managing Users in the WEM Admin Interface.Note: Groups provide access to REST. You use groups to control access to application resources.
Note:
For an alternative way to remove a user from a site, see Removing a User From a Site in the WEM Admin Interface Sites List.Only general administrators can create, edit, and delete roles. The Roles form is accessible to general administrators only.
The following topics provide information about managing roles from the WEM Admin interface:
If the role is assigned to users, applications or both, you cannot delete it until you unassign the role from the user and applications. Review the table of dependencies in the Role Dependencies form. Delete all Dependencies removes the role from its users and applications and deletes the role from the system.