12 Configuring Users, Profiles, and Attributes
For more information about creating users in external sources, see the product documentation:
About Creating WebCenter Sites Users
You can create users in WebCenter Sites through WebCenter Sites native user manager, through WEM Admin, or through external user managers such as LDAP.
Every WebCenter Sites user is defined by the following set of data:
- User account, which gives the user access to the WebCenter Sites system and its database tables.
- User profile, which is required for users who are working with:
  - WebCenter Sites applications
  - Language packs and setting a default language
  - Workflow processes, in which email messages are sent to notify workflow participants of their assignments. The user profile supports workflow actions by mapping a user name to an email address.
- User attributes (in addition to the email and locale attributes in the user profile), if actions and events in addition to workflow must be supported.
After users are created and configured, they must be associated, by means of roles, with the sites they are to work in. (Procedures for associating users with sites are given in Assembling Content Management Sites.)
Understanding User Management Options
To enable your WebCenter Sites system to connect to external directory servers or user managers that contain authentication information, user information, and so on, use the WebCenter Sites Directory Services API.
The following connection options are available:
- Central Authentication Service (CAS): the WebCenter Sites native user manager, which uses the native WebCenter Sites user management tables SystemUsers and SystemUserAttrs.
- Oracle Access Management: WebCenter Sites integrates with Oracle Access Management to provide a seamless single sign-on experience. For maximum security, Oracle highly recommends using this authentication method on production environments.
- LDAP directory: with this option, user names and attributes are stored in an LDAP directory server rather than in the WebCenter Sites database. For maximum security, Oracle highly recommends using this authentication method as an alternative to Oracle Access Management integration on production environments.
Because WebCenter Sites security is based on ACLs, any external user management system (such as Oracle Access Management or an LDAP directory) must be configured to match the WebCenter Sites ACLs.
Information about switching to an external authentication solution is given in Switching to External Authentication in Installing and Configuring Oracle WebCenter Sites. Properties that configure the plug-ins are located in the wcs_properties.json and ldap.ini files. The files are described in Properties in the User Category in Property Files Reference for Oracle WebCenter Sites.
Note:
This guide uses the native (CAS) WebCenter Sites user manager throughout.
The following topics provide information about your user management options:
Understanding Native WebCenter Sites User Manager
If you are using the native WebCenter Sites user manager, follow the guidelines in Roadmap for Administering WebCenter Sites to create and configure users, and then grant them access to the management system.
Understanding the LDAP Plug-In
If you are using LDAP to manage your users on either the management or the delivery system, you create user accounts with LDAP rather than with the WebCenter Sites administrator's interface. However, you must still use the administrator's interface to create ACLs and roles in the WebCenter Sites database.
Configuring Users in WebCenter Sites
You can configure users in WebCenter Sites and thereby edit and maintain a user account, user profile, and, if necessary, user attributes.
Familiarize yourself with the concepts of user account, user profile, and, if necessary, user attributes as follows:
- A user account is required for anyone who is to work with WebCenter Sites.
- A user profile is required for users who work with WebCenter Sites modules and products, setting a default language, and participating in workflow processes in which email messages are sent.
- User attributes, in addition to the locale and email attributes in the user profile, could be required for your operation. If so, the additional attributes can be created.
When you have created the user, you must enable that user for the appropriate sites by assigning roles to the user name for each site the user will work in. See Granting Users Access to a Site (Assigning Roles to Users).
After you have created and enabled a new user, be sure to give that user the following information:
- The user name/password combination of the user account.
- The URL to WebCenter Sites:
  http://<server>:<port>/<context>/login
  where <server> is the host name or IP address of the system running WebCenter Sites (depending on how the system was set up, you might also have to include the port number: server:8080, for example), and <context> is the name of the web application on the same server.
See the following topics for instructions on creating, modifying, and deleting user accounts, profiles, and attributes:
Working with User Accounts
To control and manage user accounts, you can create, edit, and delete users in the WebCenter Sites administrator's interface.
The following topics provide procedures for creating, editing, and deleting users in the WebCenter Sites administrator's interface.
Note:
If you are using LDAP, see the LDAP product documentation. If you are using WEM Admin, see Managing Users in the WEM Admin Interface.
Also, be sure to substitute the word "group" for the word "ACL" when reading that guide, and create users who belong to the groups with these names.
Creating a User in the Admin Interface
The following task provides information and instructions about creating a user in the Admin interface.
Note:
If you are using LDAP, see the LDAP product documentation.
Before creating a user, determine the user's:
- User name.
- Password.
- ACLs, which regulate the user's access to WebCenter Sites database tables.
  - To determine the user's required ACLs, see Required ACLs for Custom Users.
  - To determine the user's additional system ACLs, see System ACLs and Their Permissions.
  - To determine which ACLs are assigned to the database tables the user must access, follow the steps in Assigning ACLs to Custom Tables.
To Create a User in the Admin Interface
- In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double-click User.
- In the User form, select Add User and click OK.
  You can add a user name before clicking OK; it will appear auto-filled in the Login Name field on the next form.
  The Add User form opens.
- Fill in the fields in the Add User form:
  - In the Login Name field, enter a unique name. Do not include spaces or special characters, such as punctuation. The underscore character (_) is allowed.
  - In the Access Privileges list, select ACLs for the user. To select multiple ACLs, Ctrl-Click each ACL; you can also select a range of ACLs by selecting the first and last ACL in the range with Shift-Click.
  - Enter the same password into the Password and Re-Enter Password fields.
- Click Add.
  The user is created.
- You can create a general administrator. For more information about making the user an administrator or a content contributor, see Creating Common User Types.
To Follow Up With Post-Creation Procedures
- If the user implements any of the following options, create a profile for the user:
  - Oracle WebCenter Sites products such as Oracle WebCenter Sites: Engage.
  - Language packs and different languages.
  - Workflow processes that send email messages.
- If the user requires attributes in addition to or in place of locale and email (specified in the user profile), create the attributes. For instructions, see Modifying, Adding, and Deleting User Attributes.
- After the user has been completely defined, you must associate the user with a site by means of roles.
  - If you have not done so, create roles for the user, following instructions in Creating a Role From the Admin Interface.
  - To associate the user to the site, create the site and add the user to the site. For instructions, see Creating a Site From the Admin Interface and Granting Users Access to a Site (Assigning Roles to Users).
Creating Common User Types
When creating a user, it is important to consider the roles that the user will have on separate websites. In many cases, a user could be an administrator on one site and a content contributor on another. The following topics detail how to make each user a specific type of user.
Making the User a General Administrator
The general administrator for a site controls all aspects of the site. Be aware that when a user is a general administrator, their administrative actions can only be controlled when they are logged in to the one site; however, they can administer all sites when logged in.
Making the User a Site Administrator
Note:
The names of roles used in this documentation are the names of the roles used in the avisports sample site that comes installed. You can choose to use different roles or role names with your published website.
When adding a site administrator to a site, consider whether you want the same person to have different roles on a different site. You must assign those roles to the user while logged in to the site or sites on which the user is to have them.
When a user has site administrator rights, the Site tree will only appear when they are logged into the website (or websites) where they have the site administrator role.
Making the User a Content Contributor
Ensure that the newly created user has the correct ACLs assigned.
To determine the ACLs for a user, see Required ACLs for Custom Users. Looking at the table, you can see that the ACLs for all users are Browser, ElementReader, PageReader, UserReader, and xceleditor. You may want to add additional ACLs required for a content contributor, depending on the type of content you want the user to contribute.
For example, the PageEditor ACL would allow the user to add pages to the site, and modify the content based on the defined elements. The ElementEditor ACL would allow the contributor to create templates. For more information about the specific ACLs and how they impact the contributor's editing access, see System Defaults.
The user does not require additional ACLs if you only want them to modify existing content on a page. Simple editing is contained in the assigned role.
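A pre-provisioning check that applies the rules above to a user-creation request before anyone opens the Add User form. This is an added example, not Oracle's code: the function name, the request fields, the justification requirement and the regex reading of the login-name rule are assumptions, while the ACL and system-user names are the ones this page lists.

```python
import re

# Baseline ACLs the page lists for all users (Required ACLs for Custom Users).
BASELINE_ACLS = {"Browser", "ElementReader", "PageReader", "UserReader", "xceleditor"}
# System users the page's cautions say must not be changed or deleted.
PROTECTED_USERS = {"DefaultReader", "ContentServer", "xceladmin", "fwadmin"}
# Editing ACLs the page names as optional extras for content contributors.
ELEVATED_ACLS = {"PageEditor", "ElementEditor"}
# Assumption: "no spaces or special characters, underscore allowed" is read
# here as ASCII letters, digits and underscore only.
LOGIN_NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def review_request(login_name, acls, justification=""):
    """Return a list of findings for one user-creation request (empty = OK)."""
    findings = []
    acls = set(acls)
    if not LOGIN_NAME_RE.fullmatch(login_name):
        findings.append("login name contains spaces or special characters")
    # Assumption: compare case-insensitively so look-alike names are caught too.
    if login_name.lower() in {u.lower() for u in PROTECTED_USERS}:
        findings.append("login name collides with a protected system user")
    missing = BASELINE_ACLS - acls
    if missing:
        findings.append("missing baseline ACLs: " + ", ".join(sorted(missing)))
    elevated = ELEVATED_ACLS & acls
    if elevated and not justification.strip():
        findings.append("elevated ACLs without justification: "
                        + ", ".join(sorted(elevated)))
    return findings


# Constructed sample requests (not taken from any real system).
SAMPLE_REQUESTS = [
    {"login_name": "jane_doe", "acls": sorted(BASELINE_ACLS)},
    {"login_name": "bob smith", "acls": ["Browser", "PageReader"]},
    {"login_name": "tpl_author", "acls": sorted(BASELINE_ACLS | {"ElementEditor"})},
    {"login_name": "fwadmin", "acls": sorted(BASELINE_ACLS)},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        result = review_request(req["login_name"], req["acls"])
        print(req["login_name"], "->", result or "OK")
```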
Editing a User From the Admin Interface
The following steps show you how to edit users in the WebCenter Sites Admin interface. If you are using LDAP, see the LDAP product documentation.
To edit a user:
Caution:
Do not change the names or ACLs of WebCenter Sites system users (DefaultReader, ContentServer, xceladmin).
- In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click User.
- In the form that opens, enter the name of the user you want to work with. If you do not know the user name, leave the field blank; WebCenter Sites will return a list of all users in the system.
- Select Modify User and click OK.
- In the list of users, select the user you want to work with.
- In the Modify User form, make the changes, then click Modify.
Deleting a User from the System Using the Admin Interface
The following steps show you how to delete users from the WebCenter Sites system using the WebCenter Sites Admin interface. If you are using LDAP, see the LDAP product documentation.
Note:
Before deleting a user (internal, that is, stored in the Sites database, or external, that is, stored in LDAP), ensure that all the resources belonging to the user have been released. For example, if there are any assets checked out by the user, they should be released. Also, if the user is part of any workflow step, the user should be removed from the workflow.
Caution:
Do not delete any of the WebCenter Sites system users (fwadmin or the users used as admin, ContentServer, or DefaultReader).
Working with User Profiles and User Attributes
A user profile defines a user and its access and roles; user attributes make up a user profile.
A user profile is required for any user who works with the following:
- Sites modules and products.
- Language packs.
- Workflow processes in which email messages are sent to notify workflow participants of their assignments. The user profile supports workflow actions by mapping a user name to an email address.
A user profile holds a set of user attributes. By default, the only user attributes a user profile holds are:
- The email attribute, which is used to support workflow actions and takes the user's email address as a value. You can create workflow actions that send workflow participants email about the assets that are assigned to them.
- The locale attribute, which is used to determine which language to use for a given user. This attribute takes the user's preferred location as a value.
- The timezone attribute, which is used to determine which time zone to use for a given user. This attribute takes the user's preferred time zone as a value.
If the user was created in the WEM Admin interface, the avatar is also an attribute. You can add more user attributes and store values for them in the WebCenter Sites user management tables. However, using these values in the WebCenter Sites interfaces requires you to customize the elements that display the user profile forms. See Customizing Oracle WebCenter Sites in Developing with Oracle WebCenter Sites.
This section covers the following topics:
Creating and Editing a User Profile
If you are using LDAP, be aware of system responses to user and site management operations. For more information about these system responses, see Users, Sites, and Roles in LDAP‐Integrated Sites Systems.
To create or edit a user profile:
Modifying, Adding, and Deleting User Attributes
By default, the only user attributes that the WebCenter Sites content applications require are an email address and locale preference. Users created in WEM will additionally have an avatar attribute. You use the user profile feature to assign these attributes to a user, as shown in Creating and Editing a User Profile. If you have to, you can store and use additional user attributes for your users in this table, even if you are using LDAP.
Note:
If LDAP is integrated with WebCenter Sites, user attributes such as locale, timezone, and email are stored in LDAP, and these attributes are not editable in WebCenter Sites.
The Modify User Attributes option allows you to modify the attributes that are used in the user profile. It also allows you to add and delete attributes.
To modify a user's attributes: