29 Managing Members and Assigning Roles in a Portal

Manage who can access a portal and what tasks individual portal members can perform.

Permissions:

To perform the tasks in this chapter, you need the Portal Manager role or a custom role that includes the portal-level Manage Membership permission. Users with this permission can manage portal members and their role assignments.

See About Roles and Permissions for a Portal.

About Portal Membership

Member participation is central to any portal. It is the portal manager's responsibility to manage membership and determine member participation through the permissions assigned to the various roles defined for the portal. Members can be added to a portal in several ways:

Viewing the Members of a Portal

To review the current membership for a portal:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-1).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-1 Portal Administration: Members Page

  2. In the Members area, review the current list of members and the roles to which they are currently assigned.
  3. Using the Filter drop-down list, select All Members to see a full list or select the name of a role to list members with a particular role.

Setting Up Membership Options for a Portal

Portal managers determine the membership policy for their portal, choosing between an "invitation only" membership policy, allowing users to join themselves by subscribing to (and unsubscribing from) the portal, adding new members directly, or using any combination of these membership options.

Enabling self-service does not necessarily mean that users automatically gain access to a portal. Portal managers can still control who joins (or leaves) the portal through an approval process.

Default membership permissions are derived from the template used to create the portal. Portal managers can change these settings at any time. This section describes:

Managing Self-Service Membership for a Portal

As a portal manager, you can limit access to a portal by invitation only, or allow users to join themselves, without an invitation, through self-service.

Additionally, you may allow users to join a portal or change their portal membership without approval, or require approval for certain roles. When membership requests require approval, new members do not automatically gain access when they subscribe to a portal. Instead, the portal manager receives a subscription notification to accept or reject.

To manage self-service for a portal:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab.

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

  2. Click Options to open the Membership Options dialog.

    Figure 29-2 Membership Options Dialog

  3. Under Invite Options, select Enable Invite Portals Users to allow portal managers (or members with Manage Membership permission) to invite other WebCenter Portal users to join the portal. Deselect this option to disallow invitations to join the portal.

    Tip:

    The Enable Invite Portals Users check box displays only when WebCenter Portal workflows are configured.

    See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.

  4. Under Membership Self-Service:

    • To prevent non-members from joining the portal through self-service or requesting changes to their current membership, select Do Not Allow Self-Service Membership or Self-Service Membership Change.

    • To allow non-members to join a portal and members to request changes to their current membership, select Allow Self-Service Membership or Self-Service Membership Change (All Roles Available).

      Note:

      If you select this option, make sure that the portal is discoverable so that other people can see the portal on their Portals page and through searches.

      See Making a Portal Known (Discoverable).

      When you select this option:

      If a portal manager is required to approve before the request is granted, select Portal Manager Approval Required.

      Tip:

      The Portal Manager Approval Required check box displays only when WebCenter Portal workflows are configured.

      See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.

    • To specify which roles users see on Request Membership and Change Membership pages, select Allow Self-Service Membership or Self-Service Membership Change (Selected Roles Available) to display a table showing all the roles available.

      Figure 29-3 Choosing Roles Available on Self-Service Membership

      • Select Enable to offer the role on the Request Membership and Change Membership pages. Deselect Enable to hide a role.

      • Select Approval Required to specify that portal manager approval is required before the request is granted. The request is sent to the portal manager's worklist (if a SOA connection to Oracle BPM Worklist is configured) to approve or reject (if the portal has multiple managers, all managers receive the request; only one manager is required to process the request). Deselect Approval Required to allow the change without portal manager’s approval.

        Tip:

        The Approval Required check box displays only when WebCenter Portal workflows are configured.

        See Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.

  5. Click Save.

Managing Self-Service Membership Removal from a Portal

If portal manager approval is required to unsubscribe from a portal, a request to unsubscribe is sent to the portal manager's worklist (if a SOA connection to Oracle BPM Worklist is configured) when a member leaves, which the portal manager can choose to either accept or reject.

To configure approval options for cancelling portal membership:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-4).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-4 Portal Administration: Members Page

  2. Click Options to open the Membership Options dialog.
  3. Under Membership Self-Service (Figure 29-5):
    • To specify that portal manager approval is required to leave a portal, select Portal Manager Approval Required for Self-Service Membership Removal.

    • To allow members to leave without approval, deselect Portal Manager Approval Required for Self-Service Membership Removal.

    Tip:

    This check box displays only when WebCenter Portal workflows are configured. Refer your system administrator to Troubleshooting WebCenter Workflows in Administering Oracle WebCenter Portal.

    Figure 29-5 Specifying Unsubscribe Request Approval Requirements

  4. Click Save.

Composing Messages to New Members

When you add or invite someone to your portal, they receive a message through the Mail service (if configured) and through their worklist (if the SOA connection to Oracle BPM Worklist is configured). Before you start recruiting new members, take some time to compose suitable greetings and messages for the following scenarios:

  • Adding an existing user as a member of your portal.

  • Inviting an existing user to join your portal.

  • Inviting someone to register with WebCenter Portal and join your portal.

To compose messages sent out to new members:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab.

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

  2. Click Options to open the Membership Options dialog.

    Figure 29-6 Portal Administration: Members Page

  3. Under Membership Notification Messages, enter messages in the appropriate sections:

    • Add Member Message - Enter a short message to include in membership notifications. Use the message text to welcome new members and introduce your portal.

    • Invite Member Message - Enter a short message to include in membership invitations to users who are registered with WebCenter Portal. Use the message text to describe the portal and how it might be of use to them. Membership invitations display in a user's worklist (if the SOA server is configured to use Oracle BPM Worklist) and the invitation includes an Accept button that the invited party must click to accept the membership invitation. If the SOA server is configured to send worklist notifications by mail, invited users receive the notification in both their Oracle BPM Worklist and mail.

      Tip:

      This section displays only when WebCenter Portal workflows and SOA server are configured.

      Refer your system administrator to Troubleshooting WebCenter Portal Workflows in Administering Oracle WebCenter Portal.

    • Invite Non-Registered Users Message - Enter a short message to include in membership invitations to people who are not registered WebCenter Portal users. Use the message text to describe the portal and how it might be of use to them. Membership invitations are sent by mail using the Mail service. The invitation includes a secure URL that the invited party must click to accept the membership invitation. Unregistered users will then be prompted to register with WebCenter Portal before gaining access to your portal.

  4. Click Save.

Adding Members to a Portal

This section describes the ways that a portal manager can enlist members for a portal:

Searching for a User or Group in the Identity Store

For any task that requires searching for a user or group, use the information in this section to construct your search string. For example, the following tasks require you to specify a user or group name:

The search mechanism used by WebCenter Portal to locate users and groups in the identity store follows specific rules. Keep the following tips in mind when you construct your search string:

  • The search operates on First Name, Last Name, Mail Address, User ID, and Common Name. For example, in Oracle Internet Directory (OID), the search operates on givenname, sn, mail, uid, and cn.

    For information about mapping user attributes to their corresponding names in different LDAP directory servers, see Mapping User Attributes to LDAP Directories in Securing Applications with Oracle Platform Security Services.

  • Specify a wildcard (*) character anywhere in the search string to substitute for preceding or following characters.

  • The search is not case-sensitive.

  • Leave the search term blank to list all users (or groups) in the identity store.

  • To search for a First Name, Last Name, Mail Address, User ID, or Common Name, specify one search term, specifying at minimum the first letter in any of these values.

  • To search for First Name or Last Name, specify two search terms separated by a space to search in First Name and Last Name, respectively. Specify at minimum the first letter in each value.

  • To search for a First Name or Last Name, either of which has multiple names, specify multiple search terms separated by spaces. The multiple names are treated as a single field, including the space character. The first search term specifies the search on the First Name field and the last search term specifies the search on the Last Name field. The intervening search terms are ignored. Specify at minimum the first letter of each value.

For example, the following entry in the identity store defines a WebCenter Portal user:

  • First Name (givenname)=James Robert
  • Last Name (sn)=van Order
  • Mail Address (mail)=jim.van.order@example.com
  • User ID (uid)=jimbo
  • Common Name (cn)=Jim

Table 29-1 lists search terms that will show this user in the search results. For search terms that will not show this user in the search results, see Table 29-2.

Table 29-1 Search Terms That Find James Robert van Order

  Search terms: Jam; jam*; *ames; *bert
    Search results: All found in First Name (James Robert). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: van; *Order
    Search results: Both found in Last Name (van Order). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: jimbo; Jimbo; *imbo
    Search results: jimbo found in User ID (jimbo). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: jim; Jim
    Search results: jim found in Mail Address (jim.van.order@example.com), User ID (jimbo), and Common Name (Jim). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: James Order; james order
    Search results: James found in First Name (James Robert); Order not found in Last Name (van Order). Results show all users where first search term begins the First Name, or second search term begins the Last Name.

  Search terms: Robert van; robert Van
    Search results: Robert not found in First Name (James Robert); van found in Last Name (van Order). Results show all users where first search term begins the First Name, or second search term begins the Last Name.

  Search terms: James van Order; james Van order
    Search results: James found in First Name (James Robert); Order not found in Last Name (van Order). Results show all users where first search term begins the First Name, or last search term begins the Last Name. Intervening term is ignored.

  Search terms: James Robert van Order; james robert Van order
    Search results: James found in First Name (James Robert); Order not found in Last Name (van Order). Results show all users where first search term begins the First Name, or last search term begins the Last Name. Intervening terms are ignored.

Table 29-2 lists search terms that will not show this user in the search results.

Table 29-2 Search Terms That Do Not Find James Robert van Order

  Search terms: ames
    Search results: ames not found in First Name (James Robert), Last Name (van Order), Mail Address (jim.van.order@example.com), User ID (jimbo), or Common Name (Jim). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: Order; order
    Search results: Order not found in First Name (James Robert), Last Name (van Order), Mail Address (jim.van.order@example.com), User ID (jimbo), or Common Name (Jim). Results show all users where search term begins the First Name, Last Name, Mail Address, User ID, or Common Name.

  Search terms: Robert Order; robert order
    Search results: Robert not found in First Name (James Robert), and Order not found in Last Name (van Order). Results show all users where first search term begins the First Name, or second search term begins the Last Name.
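
The matching rules in this section, modelled in Python as an added example (this is not Oracle's code and not part of the original guide). The function names, the second directory entry, and the choice to apply the wildcard rule to each term of a multi-term search are assumptions made for illustration. It shows how a short search string can match more than one account, which is why the selected name should be checked before a role is assigned.

```python
import re

# Constructed sample entry: the example user defined on this page.
SAMPLE_USER = {
    "givenname": "James Robert",
    "sn": "van Order",
    "mail": "jim.van.order@example.com",
    "uid": "jimbo",
    "cn": "Jim",
}

# Constructed second entry (hypothetical), used to show an ambiguous match.
OTHER_USER = {
    "givenname": "Jimena",
    "sn": "Ortiz",
    "mail": "j.ortiz@example.com",
    "uid": "jortiz",
    "cn": "Jimena Ortiz",
}

DIRECTORY = [SAMPLE_USER, OTHER_USER]

# First Name, Last Name, Mail Address, User ID, Common Name (OID attribute names).
ALL_FIELDS = ("givenname", "sn", "mail", "uid", "cn")


def _begins(term, value):
    """True if `term` begins `value`, ignoring case.

    A '*' in the term stands for any run of characters; everything else is
    matched literally. The match is anchored at the start of the value only,
    so the rest of the value is free (the documented "begins" behaviour).
    """
    pattern = ".*".join(re.escape(part) for part in term.split("*"))
    return re.match(pattern, value, re.IGNORECASE | re.DOTALL) is not None


def matched_fields(search, user):
    """Return the attributes of `user` that the search string matches."""
    terms = search.split()
    if not terms:
        # A blank search term lists every entry in the identity store.
        return list(ALL_FIELDS)
    if len(terms) == 1:
        # One term: checked against all five attributes.
        return [f for f in ALL_FIELDS if _begins(terms[0], user.get(f, ""))]
    # Two or more terms: the first is checked against First Name, the last
    # against Last Name; intervening terms are ignored. Either hit is enough.
    hits = []
    if _begins(terms[0], user.get("givenname", "")):
        hits.append("givenname")
    if _begins(terms[-1], user.get("sn", "")):
        hits.append("sn")
    return hits


def search_users(search, directory):
    """Return the User IDs of all directory entries the search would list."""
    return [u["uid"] for u in directory if matched_fields(search, u)]


if __name__ == "__main__":
    for s in ("Jam", "*bert", "jim", "James Order", "ames", "Robert Order", ""):
        print(repr(s), "->", search_users(s, DIRECTORY))
```
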

Adding Registered Users and Groups

As a portal manager, you can add any user currently registered with WebCenter Portal as a member of your portal. When the SOA server and WebCenter Portal workflows are configured, added users receive notification in their activity stream and through a mail message (if the SOA server is configured to send mail).

To add a member to your portal:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-7).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-7 Portal Administration: Members Page

  2. (Optional) On the Members page, click Options to edit the greeting messages sent to new members (see Composing Messages to New Members). Click Save to close the Membership Options dialog.
  3. Select one of:
    • Add People to add one or more individual users as members of the portal.

    • Add Groups to add multiple users belonging to a named user group in the identity store. Subsequent changes or updates to the group are automatically reflected in the portal.

  4. If you know the exact name of the person or group, enter the name in the input field, separating multiple names with a comma (Figure 29-8).

    If you are not sure of the name, you can search the identity store. See Searching for a User or Group in the Identity Store.

    Figure 29-8 Adding a New Member

  5. Select one or more user names from the list.
  6. From the Select Role list, select a role for the selected members or groups.

    If the role you want is not listed, you can create a new role that meets your requirements (see Defining Custom Roles for a Portal).

    Note:

    If necessary, you can assign more than one role to a member or group. See Assigning or Changing Member Role Assignments.

  7. Click Add.

All the users and groups you select display in the Members section.

Note:

When adding groups, keep the following in mind:

  • Names of user groups are clickable, enabling you to drill down to see individual user names of group members.

  • A list of members does not display for dynamic groups based on Oracle Entitlements Server (OES) roles, since OES roles are based on dynamic attributes and therefore do not have any static members. For more information, see Configuring the Identity Store in Administering Oracle WebCenter Portal.

  • For WebCenter Portal to properly maintain enterprise group-to-role mappings, back-end servers, such as the content server, must support enterprise groups too. When back-end servers do not support enterprise groups, the message "Group [name] not found in the Identity Store" displays. For more information, see Troubleshooting Issues with Users and Roles in Administering Oracle WebCenter Portal.

Inviting a Registered User

As a portal manager, you can invite anyone who is currently registered with WebCenter Portal to become a member of your portal. Invited users receive notification through mail messages (if the SOA server is configured to send mail) and through their worklist (if the SOA server is configured to use Oracle BPM Worklist).

To invite someone to become a member of your portal:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-9).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-9 Portal Administration: Members Page

  2. (Optional) On the Members page, click Options to edit the greeting message sent to invited members (see Composing Messages to New Members) and then click Save to close the Membership Options dialog.
  3. Click Invite People, then select Invite Registered Users to invite individual users to become a member of the portal.

    Tip:

    Invite People is available when WebCenter Portal workflows are configured and a portal manager has selected Enable Invite Portals Users in the Membership Options dialog (see Managing Self-Service Membership for a Portal).

  4. If you know the exact name of the user, enter the name in the box provided, separating multiple names with a comma (Figure 29-10).

    If you are not sure of the name, you can search the identity store. For search tips, see Searching for a User or Group in the Identity Store.

    Figure 29-10 Inviting a New Member

  5. Select one or more user names from the list.
  6. Select a role for the invited members. If the role you want is not listed, create a role that meets your requirements (see Defining Custom Roles for a Portal).
  7. Click Invite.

If you want to cancel an invitation, delete the invited member from the list.

Invited users receive an invitation to join the portal through a mail message (if SOA server is configured to send mail) and through their BPM worklist (if the SOA server is configured to use Oracle BPM Worklist) with the message you composed in Step 2. The invitation includes a secure URL that the invited party must click to register with WebCenter Portal before gaining access to your portal.

Inviting a Non-Registered User

If your system administrator has allowed non-registered people to self-register, portal managers can invite anyone with a valid mail address to join the portal. Prospective members receive an invitation by mail (if SOA server is configured to send mail), inviting them to join the portal. Upon accepting the invitation, non-registered users are prompted to register with WebCenter Portal before gaining access to the portal.

To invite someone outside the WebCenter Portal community to join your portal:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-11).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-11 Portal Administration: Members Page

  2. On the Members page, click Options to edit the greeting message that is sent to people who are not yet registered WebCenter Portal users (see Composing Messages to New Members) and then click Save to close the Membership Options dialog.
  3. Click Invite People, then select Invite Non-Registered Users.

    Note:

    Invite People is available when WebCenter Portal workflows are configured and the portal manager has selected Enable Invite Portals Users in the Membership Options dialog (see Managing Self-Service Membership for a Portal). Invite Non-Registered Users is available only when the system administrator has enabled Allow Self-Registration Through Invitations and Allow Public Users to Self-Register at the application level, as described in Enabling Self-Registration in Administering Oracle WebCenter Portal.

  4. Enter the Email Address(es) for one or more prospective members, separated by commas.
  5. Select a Role for the prospective members. If the role you want is not listed, create a role that meets your requirements (see Defining Custom Roles for a Portal).
  6. Click Invite.

Prospective members receive a mail invitation (if SOA server is configured to send mail) to join the portal with the message you composed in Step 2. The invitation includes a secure URL that the invited party must click to register with WebCenter Portal before gaining access to your portal. If invited users experience no response when they attempt to register with WebCenter Portal, they should refresh their browser and try again.

Allowing a Registered User to Self-Subscribe

Self-subscription enables existing WebCenter Portal users to request membership without an invitation from the portal manager. Certain types of portals, especially interest-based communities, are particularly suited to this form of member enrollment as the portal often reaches a wider audience.

The capabilities of self-service members depend on which roles you decide to offer on the Request Membership page. For more information, see Managing Self-Service Membership for a Portal.

If a user's self-subscription request is pending approval by the portal manager, the user's attempt to access the portal opens the Home portal. When a user is a member of a portal, the user's attempt to access the portal opens the first accessible page of the portal.

Assigning or Changing Member Role Assignments

A portal manager can change a member's role at any time, or assign more than one role to a member or group. Users are notified of membership changes through their BPM worklist (if the SOA server is configured to use Oracle BPM Worklist) or by email (if configured).

Note:

You can assign more than one role to a member or group. If you want a member or group to have the permissions inherent in two or more roles, you can assign the appropriate roles to the member. The ability to assign multiple roles to a member or group eliminates the need to create new roles in such instances.

To assign or change a member's current role in a portal:

Note:

Before assigning roles, you must create roles, as described in Defining Custom Roles for a Portal.

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-12).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-12 Portal Administration: Members Page

  2. On the Members page, select one or more members (Ctrl+click to select multiple members), and then click Assign Roles.
    The Assign Roles dialog shows the current roles available in the portal.
  3. In the Assign Roles dialog (Figure 29-13), select one or more roles to assign, or click to deselect current role assignments.

    Figure 29-13 Assign Roles Dialog

  4. Click OK.

    The Roles column next to the member's name shows the roles to which the member is assigned (Figure 29-14).

Approving Requests for Membership of a Portal

Note:

To view and use worklist notifications, WebCenter Portal must be configured to a SOA server and you must be set up to use Oracle BPM Worklist. For more information about approving requests using Oracle BPM Worklist, see Approving Tasks in Administering Oracle SOA Suite and Oracle Business Process Management Suite.

If you want to approve a membership request, you must select the option Portal Manager Approval Required in the Membership Options dialog (see Managing Self-Service Membership for a Portal). As a portal manager, you receive notifications in your BPM Worklist to approve or reject requests for portal membership or a new role in the portal.

For more information, see Managing the SOA Connection for WebCenter Portal in Administering Oracle WebCenter Portal.

The person making the request receives notification of your decision. If you reject a request, you can enter the reason for the rejection.

Communicating with Managers and Members of a Portal

You can send messages to individual members, and also to the portal manager(s) or all the members of a portal. WebCenter Portal creates a default distribution list for every portal if the Mail server is Microsoft Exchange and active directory connection details (LDAP) are provided in the mail server connection settings. As members leave or join the portal, the default distribution list updates automatically.

For information about setting up a custom portal mail distribution list, see Configuring the Mail Distribution List for a Portal.

Any user can send mail to the members or the portal managers of a portal from the portal browser or when viewing a portal, as described in Sending Mail to Portal Members or Managers in Using Portals in Oracle WebCenter Portal.

Portal managers can also send mail to all members or individual members of a portal from the Members page:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members subtab (Figure 29-15).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-15 Portal Administration: Members Page

  2. Under Members:
    • To send a message to all members of the portal, right-click in the Members table, and select Mail Members.

    • To send a message to an individual member, click the member's icon, and then click Mail Members from the toolbar.

    For information about the mail service, see Adding Mail to a Portal.

Revoking Membership to a Portal

Portal managers can revoke user membership for a portal at any time.

To revoke membership:

  1. In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Members tab (Figure 29-16).

    Tip:

    You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

    Figure 29-16 Portal Administration: Members Page

  2. In the Members area, select one or more users or groups (Ctrl+click to select multiple members), then click Remove.
  3. In the Remove Members dialog, click Remove to confirm.