Managing Roles and Permissions for a Portal

28 Managing Roles and Permissions for a Portal

Use built-in portal roles and permissions or create custom roles to secure a portal.

Permissions:

To perform the tasks in this chapter, you need the Portal Manager role or a custom role that includes the portal-level Manage Membership permission. Users with this permission can manage portal members and their role assignments.

See About Roles and Permissions for a Portal.

Topics:

About Roles and Permissions for a Portal

Out-of-the-box,WebCenter Portal includes default roles and permissions:

Application-level roles are Administrator, Application Specialist, Portal Creator, Authenticated-User, and Public-User. These roles are managed by the system administrator, as discussed in About Application Roles and Permissions in Administering Oracle WebCenter Portal.
There is one portal-level role out-of-the-box: Portal Manager.

A portal manager can modify the permissions of the Portal Manager role, create a Delegated Manager for the portal, create the seeded Viewer or Participant roles by creating it using the Create Roles menu, or create new custom roles to control what members can do in the portal, manage permission assignments for existing custom roles, and delete roles that are no longer required. Additionally, a portal manager can grant the Authenticated-User (assigned to any user logged into portal) and Public-User roles permissions in the portal.

Understanding the Default Roles for a Portal

Table 28-1 describes the default roles in a portal.

Note:

These default roles are always available for portals based on out-of-the-box portal templates. Portals based on user-defined templates may offer a different set of default roles. The default permissions assigned to the default roles are shown in Table 28-2.

The Delegated Manager, Viewer, and Participant roles are not created by default when the portal is created. These seeded roles are available if the portal manager decides to create these roles for the portal and assign them to portal members.

Table 28-1 Default Roles for Portals

Portal Role Description Modify Permissions Delete Role

Portal Role	Description	Modify Permissions	Delete Role
`Portal Manager`	The `Portal Manager` role is automatically assigned to the creator of a portal. This role is automatically granted the highest level of permissions, as shown in Table 28-2. The portal manager or anyone with the portal level `Manage Security and Configuration` permission can modify permissions as necessary and appropriate.	Yes (except for `Manage Security and Configuration`)	No
`Authenticated-User`	The `Authenticated-User` role is given to authenticated users of WebCenter Portal, with no access to portal information by default. After logging in, users assigned this role always inherit any permissions granted to the `Public-User` role at the application level and in public portals. To grant access to a portal, additional permissions must be granted by the portal manager or anyone with the portal level `Manage Security and Configuration` permission (see Viewing and Editing Permissions of a Portal Role).	Yes	No
`Public-User`	Any user with access to WebCenter Portal who is not logged in assumes the `Public-User` role. Users with the `Public-User` role have no access to portal information by default. Such users are anonymous, and portal permissions must be granted explicitly by the portal manager or anyone with the portal level `Manage Security and Configuration` permission (see Viewing and Editing Permissions of a Portal Role).	Yes	No

Portal Manager

The Portal Manager role is automatically assigned to the creator of a portal. This role is automatically granted the highest level of permissions, as shown in Table 28-2.

The portal manager or anyone with the portal level Manage Security and Configuration permission can modify permissions as necessary and appropriate.

Yes (except for Manage Security and Configuration)

Authenticated-User

The Authenticated-User role is given to authenticated users of WebCenter Portal, with no access to portal information by default. After logging in, users assigned this role always inherit any permissions granted to the Public-User role at the application level and in public portals.

To grant access to a portal, additional permissions must be granted by the portal manager or anyone with the portal level Manage Security and Configuration permission (see Viewing and Editing Permissions of a Portal Role).

Yes

Public-User

Any user with access to WebCenter Portal who is not logged in assumes the Public-User role. Users with the Public-User role have no access to portal information by default. Such users are anonymous, and portal permissions must be granted explicitly by the portal manager or anyone with the portal level Manage Security and Configuration permission (see Viewing and Editing Permissions of a Portal Role).

Yes

Understanding Permissions and Permission Models in a Portal

Members can perform actions within a portal as specified by the permissions assigned to their role.

When assigning permissions to roles, portal managers can choose to assign standard permissions, or switch to advanced permissions:

Standard permissions:
- Administration permissions allow a portal manager to assign the Manage Security and Configuration, Manage Configuration, or Manage Membership permission to a selected role.
- Basic Services permissions collectively control access to pages, lists, events, links and notes. With additional permissions granted on specific tools or services (such as Documents in standard permissions), or others through advanced permissions (see Table 28-3), also create, edit, and delete associated task flows and portlets on a page in the portal. For example, working with documents in a portal requires Documents permissions.
- Documents permissions allow aportal manager to control access to documents in the portal when these tools are enabled (see Enabling and Disabling Tools and Services Available to a Portal).
- Assets permissions collectively control access to all assets, including page templates, skins, resource catalogs, and so on.
See Table 28-2 for detailed information about standard permissions.
Advanced permissions:

Advanced Permissions provide a more granular set of permissions by replacing the collective set of Basic Services permissions with individual tools, services, and assets permissions.
- Administration permissions allow a portal manager to assign the Manage Security and Configuration, Manage Configuration, or Manage Membership permission to a selected role.
- Separate categories allow a portal manager to control the levels of access (for example, have full access by granting Create, Edit, and Delete permissions or some access by granting one or more of the following permissions: Create, Edit, Delete, or View) to the individual tools, services, and assets listed in Table 28-3.
While advanced permissions give you more flexibility over role assignments, they can become complex to manage and maintain.

See Table 28-3 for detailed information about advanced permissions.

It is the portal template that determines the default permission model for a portal. Portals that are based on out-of-the-box portal templates adopt the standard permissions by default, but portal managers can switch to advanced permissions if required. However, if you switch to using advanced permissions for a portal, you cannot revert to standard permissions. For more information, see Using Advanced Permissions.

Note:

Permissions do not inherit the privileges of "lesser" permissions. Therefore, be careful to assign the appropriate set of permissions to allow users to perform required actions. For example, whenever you assign the Create permission, select the View permission too.

Table 28-2 lists the permission categories and permissions that are available with standard permissions.

Table 28-2 Portal Permissions - Standard Permissions

Permission Category	Permissions	Portal Roles Granted Permission By Default
Administration	Manage Security and Configuration - Enable access to all Portal Administration pages, except Pages and Assets. To access portal pages, page and asset permissions must be granted. To access portal assets, asset permissions must be granted. Includes `Manage Configuration` and `Manage Membership` permissions. Note: The `Delegated Manager` role does not include `Manage Security and Configuration` permission by default. This means that the `Delegated Manager` role includes all of the portal administration permissions, but this role cannot access portal security, including roles and members and cannot delete portals.	`Portal Manager`
Administration	Manage Configuration - Same as the `Manage Security and Configuration` permission, but excludes security privileges. Users with this permission cannot access the Roles and Members pages. To access portal pages, page and asset permissions must be granted. To access portal assets, asset permissions must be granted. Users with this permission must be allowed to view the portal. Note: The `Delegated Manager` role has only `Manage Configuration` permissions by default.	`Delegated Manager`
Administration	Manage Membership - Enables access to the Roles and Members pages in portal administration. On these pages, users can create, edit, and delete members and roles for the portal. Note: The `Delegated Manager` role does not include `Manage Membership` permissions by default.	`Portal Manager`
Basic Services (Lists, Events, Links, and Notes)	Edit Page Access, Structure, and Content - Create, edit, contribute content to, publish, and delete pages in the portal. Manage page access and edit page properties. Create, edit, and delete list data, events, links, and notes. With permissions on specific tools or services (Table 28-3), also create, edit, and delete associated task flows and portlets. For example, working with documents in a portal requires `Documents` permissions. Specifically, users with this permission can perform the following operations on a portal page: Lists - Create, edit, and delete list data. Events - Create, edit, delete, and view events. Links - Create and delete links. Notes - Create, edit, delete, and view notes.	`Portal Manager` `Delegated Manager`^Foot 1
Basic Services (Lists, Events, Links, and Notes)	Edit Page Access and Structure - Manage page access and edit properties of pages in the portal. With permissions on specific tools or services (Table 28-3), also create, edit, and delete associated task flows and portlets. Create, edit, and delete list data, events, links, and notes.	`Portal Manager` `Delegated Manager`
Basic Services (Lists, Events, Links, and Notes)	Customize Pages - Add and remove list data, events, links, and notes.	`Portal Manager` `Delegated Manager` `Participant`^Foot 2
Basic Services (Lists, Events, Links, and Notes)	View Pages and Content - View pages, lists, events, and notes. With permissions on specific tools or services (Table 28-3), view associated task flows and portlets.	`Portal Manager` `Delegated Manager` `Participant`^Foot 3 `Viewer`^Foot 4 `Public-User` (in public portals)
Basic Services (Lists, Events, Links, and Notes)	Contribute Page Content - Contribute text, images, and video to pages using contribution mode. Edit and delete any content contributed to pages. Includes `View Pages and Content` permission.	`Portal Manager` `Delegated Manager`
Assets (Portal Assets)	Create, Edit, and Delete Assets - Create, edit, and delete assets owned by the portal, such as page templates, resource catalogs, skins, page styles, Content Presenter templates, task flow styles, task flows, and data controls.	`Portal Manager` `Delegated Manager`
Assets (Portal Assets)	Create Assets - Create new assets for the portal.	None Note: Permissions needs to be explicitly granted
Assets (Portal Assets)	Edit Assets - Edit assets owned by the portal.	None Note: Permissions needs to be explicitly granted
Documents (available when the Documents tool is enabled)	Administration - Configure document workflows and access control settings. For more information, see Enabling Document Management.	`Portal Manager`
Documents (available when the Documents tool is enabled)	Delete Documents - Delete any folder and any file in the portal. Users with this permission can also move folder and files. Users with this permission must be allowed to create and view folders and files.	`Portal Manager`
Documents (available when the Documents tool is enabled)	Create and Edit Documents - Create files and folders, and upload files. Edit and delete files and folders that you create, if Content Server configuration has `Allow author to delete revision` enabled. For more information, see Modifying Content Security Configuration Using Fusion Middleware Control in Administering Oracle WebCenter Content. Users with this permission must be allowed to view folders and files.	`Portal Manager`
Documents (available when the Documents tool is enabled)	View Documents - Browse files, folders, wikis, and blogs.	`Portal Manager`

^Footnote 1

This role is seeded, but not created by default

^Footnote 2

This role is seeded, but not created by default.

^Footnote 3

This role is seeded, but not created by default.

^Footnote 4

This role is seeded, but not created by default.

Table 28-3 lists the permission categories and permissions that are available with advanced permissions.

Table 28-3 Portal Permissions - Advanced Permissions

Permission Category	Permissions	Portal Roles Granted Permission By Default
Administration	Manage Security and Configuration - Enable access to all portal Administration pages, except Pages and Assets. To access portal pages, page and asset permissions must be granted. To access portal assets, asset permissions must be granted. Includes `Manage Configuration` and `Manage Membership` permissions.	`Portal Manager`
Administration	Manage Configuration - Same as the `Manage Security and Configuration` permission but excludes security privileges. Users with this permission cannot access the Roles and Members pages. To access portal pages, page and asset permissions must be granted. To access portal assets, asset permissions must be granted. Users with this permission must be allowed to view the portal.	`Delegated Manager`
Administration	Manage Membership - Enables access to the Roles and Members pages in the portal administration settings. Through these pages, users can create, edit and delete members and roles for the portal. For more information, see Managing Members and Assigning Roles in a Portal.	`Portal Manager`
Pages	Create, Edit, and Delete Pages - Create, edit, contribute to, and delete pages in the portal. Manage page access and edit page properties. Create, edit, and delete lists, events, links, and notes. With permissions on specific tools or services, also create, edit, and delete associated task flows and portlets.	`Portal Manager` `Delegated Manager`
Pages	Create Pages - Create pages in the portal.	None Note: Permissions needs to be explicitly granted
Pages	Publish Pages - Publish page drafts to make page updates available to portal viewers. When this permission is granted, Delete and Edit are automatically granted. If you revoke Publish permission, Delete and Edit are not automatically revoked, and therefore must be explicitly revoked as required.	`Portal Manager` `Delegated Manager`
Pages	Edit Pages - Edit page properties and content for any page in the portal. This includes adding, rearranging, and deleting content; contributing content to pages; renaming pages; and changing page properties.	`Portal Manager` `Delegated Manager`
Pages	Delete Pages - Delete pages in the portal.	`Portal Manager` `Delegated Manager`
Pages	View Pages - View pages, lists, events, and notes. With permissions on specific tools or services, view associated task flows and portlets.	`Portal Manager` `Delegated Manager` `Public-User` (in public portals) `Viewer` `Participant`
Pages	Contribute Page Content - Contribute text, images, and video to pages using contribution mode. Edit and delete any content contributed to pages. Includes `View Pages` permission.	`Portal Manager` `Delegated Manager`
Application Integration Visualization	Manage Application Integration Visualization - Create, edit, and delete application integration assets: SQL Data Sources, REST Data Sources, Business Objects, Data Visualization, and Visualization Templates.	None Note: Permissions needs to be explicitly granted
Content Presenter Templates	Create, Edit, and Delete Content Presenter Templates - Create, edit and delete Content Presenter display templates for the portal.	None Note: Permissions needs to be explicitly granted
Content Presenter Templates	Create Content Presenter Templates - Create Content Presenter display templates for the portal.	None Note: Permissions needs to be explicitly granted
Content Presenter Templates	Edit Content Presenter Templates - Edit portal-level Content Presenter display templates. For more information, see Working with Content Presenter Display Templates.	None Note: Permissions needs to be explicitly granted
Data Controls	Create, Edit, and Delete Data Controls - Create, edit and delete data controls for the portal. Create Data Controls - Create data controls for the portal. Edit Data Controls - Edit portal-level data controls. For more information, see Working with Web Service Data Controls.	None Note: Permissions needs to be explicitly granted
Documents (available when the Documents tool is enabled)	Administration - Configure document workflows and access control settings. For more information, see Enabling Document Management.	`Portal Manager`
Documents (available when the Documents tool is enabled)	Delete Documents - Delete any folder and any file in the portal. Users with this permission can also move folder and files.Users with this permission must be allowed to create and view folders and files.	`Portal Manager`
Documents (available when the Documents tool is enabled)	Create and Edit Documents - Create files and folders, and upload files. Edit and delete files and folders that you create, if portal configuration has `Allow author to delete revision` enabled. For more information, see Modifying Content Security Configuration Using Fusion Middleware Control in Administering Oracle WebCenter Content. Users with this permission must be allowed to view folders and files.	`Portal Manager`
Documents (available when the Documents tool is enabled)	View Documents - Browse files, folders, wikis, and blogs.	`Portal Manager`
Events (available when the Events tool is enabled)	Create, Edit, and Delete Events - Create, edit and delete events for the portal. Create Events - Create events. Edit Events - Edit any event. Delete Events - Delete any event.	None Note: Permissions needs to be explicitly granted
Events (available when the Events tool is enabled)	View Events - View events. For more information, see Adding Events to a Portal.	None Note: Permissions needs to be explicitly granted
Links	Create and Delete Links — Create and delete links between assets. Create Links —Create new links between assets. Delete Links—Delete links between two assets. For more information, see Linking Information in Using Portals in Oracle WebCenter Portal.	None Note: Permissions needs to be explicitly granted
Lists (available when the Lists tool is enabled)	Create, Edit, and Delete Lists - Create, edit, and delete lists and list data. Create Lists - Create lists. Edit Lists - Edit list column definitions. Delete Lists - Delete any list. Edit List Data - Add, edit, and delete list data.	None Note: Permissions needs to be explicitly granted
Lists (available when the Lists tool is enabled)	View Lists - View lists and list data. For more information, see Adding Lists to a Portal.	None Note: Permissions needs to be explicitly granted
Task Flow Styles	Create, Edit, and Delete Task Flow Styles - Create, edit, and delete task flow styles for the portal. Create Task Flow Styles - Create task flow styles for the portal. Edit Task Flow Styles - Edit portal-level task flow styles. For more information, see Working with Task Flow Styles.	None Note: Permissions needs to be explicitly granted
Notes	Create, Edit, and Delete Notes - Create, edit and delete notes for the portal. Create Notes - Create notes for the portal. Edit Notes - Edit portal-level notes. Delete Notes - Delete notes in the portal.	None Note: Permissions needs to be explicitly granted
Notes	View Notes - View notes in the portal. For more information, see Adding Personal Notes to a Portal.	None Note: Permissions needs to be explicitly granted
Page Styles	Create, Edit, and Delete Page Styles - Create, edit, and delete page styles for the portal. Create Page Styles - Create page styles for the portal. Edit Page Styles - Edit portal-level page styles. For more information, see Working with Page Styles.	None Note: Permissions needs to be explicitly granted
Page Templates	Create, Edit, and Delete Page Templates - Create, edit, and delete page templates for the portal. Create Page Templates - Create page templates for the portal. Edit Page Templates - Edit portal-level page templates. For more information, see Working with Page Templates.	None Note: Permissions needs to be explicitly granted
Resource Catalogs	Create, Edit, and Delete Resource Catalogs - Create, edit and delete resource catalogs for the portal. Create Resource Catalogs - Create resource catalogs for the portal. Edit Resource Catalogs - Edit portal-level resource catalogs. For more information, see Working with Resource Catalogs.	None Note: Permissions needs to be explicitly granted
Skins	Create, Edit, and Delete Skins - Create, edit, and delete skins for the portal Create Skins - Create skins for the portal. Edit Skins - Edit portal-level skins. For more information, see Working with Skins.	None Note: Permissions needs to be explicitly granted
Task Flows	Create, Edit, and Delete Task Flows - Create, edit, and delete task flows based on a task flow style for the portal. Create Task Flows - Create task flows for the portal. Edit Task Flows - Edit portal-level task flows. For more information, see About Task Flows.	None Note: Permissions needs to be explicitly granted

Defining Custom Roles for a Portal

The default role of Portal Manager provided by WebCenter Portal contains administrative rights to the portal, but the Portal Manager can also delegate a portal member to be the delegated manager, create Viewer or Participant roles (using the Create Roles dialog), or define custom roles that are tailored to meet the purpose of the portal and help members accomplish their tasks in the portal.

Before you create custom roles, think about the purpose of the portal and how members would use the portal. For example, you might want members to:

edit the portal by adding pages or editing an existing page structure, or by adding task flows. See Table 28-2 for more information about basic permissions that you can grant users.
edit content within a page, while you might want other users to only view content. See Table 28-2 for more information about basic permissions that you can grant users.
work with specific tools or services, such as lists, documents, and so on. To allow portal members to do so, you will need to assign advanced permissions. See Table 28-3 to better understand the permissions you can grant users.

Note:

Take care to assign appropriate access rights when assigning permissions for new roles. Do not allow users to perform more actions than are necessary for the role but at the same time, try not to restrict them from activities they must perform. To assign roles to portal members and groups, see Adding Members to a Portal.

To remove a portal role, see Deleting Roles in a Portal.

This section contains the following topics:

Creating a Custom Role for a Portal

Before creating a new role, be sure to confirm that the Viewer or Participant roles cannot meet the role requirements.

See Creating Viewer and Participant Roles for a Portal for permissions associated with these two roles.

To create a new role for a portal:

In the portal administration, click Security in the left navigation pane, then click the Roles subtab.

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

Figure 28-1 Portal Administration: Roles Page

Description of "Figure 28-1 Portal Administration: Roles Page"
To define a new role for this portal, click the Create Role drop-down and select Custom Role to open the Create Role dialog.

Figure 28-2 Creating a New Role for a Portal

Description of "Figure 28-2 Creating a New Role for a Portal"
Enter a suitable Role Name.
Names can contain alphanumeric characters, blank spaces, hyphens, and underscores. Make sure that role names are self-descriptive to make it as obvious as possible which member should belong to which roles.

Note:

You cannot use the name moderator or Moderator for a custom role. Even though the default role of Moderator was renamed in an earlier release to Portal Manager, the name moderator or Moderator is still reserved for internal use.
Enter a Description for the role.
Optionally, select a Role Template.
The new role inherits permissions from the role template. You can modify these permissions in the next step. If you do not select a role template, the new role is created with no permissions.
- Choose Portal Manager to create a role that inherits full administrative privileges for the portal.
- Choose Public-User or Authenticated-User to create a role that inherits permissions inherent in these two roles. The authenticated user role inherits all permissions of the public user role in a portal.
  
  If you have created other roles, for example, Viewer, Participant, or Delegated Manager, or another custom role, you will see those role templates as well.
Note:
- The Portal Manager role permission Manage Security and Configuration cannot be modified. Use caution in assigning this role to members because it contains full administrative privileges in the portal.
- The permissions inherent in the two seeded role templates allow users to view portal content. You can subsequently edit permissions for the user roles.
Click OK.

The new role appears as a row in the table on the Roles page.

To remove a portal role, see Deleting Roles in a Portal.
To modify permissions for the role, click Edit Permissions, and then select or deselect each permission check box.

To assign the custom role to portal members and groups, see Adding Members to a Portal.

Creating a Delegated Manager Role for a Portal

Portal managers can assign the Delegated Manager role for the portal to another member. The Delegated Manager role is a seeded role, but is not created by default when the portal is created. The Portal Manager has to explicitly create the role for a portal, as described in this section.

Note:

The Delegated Manager role assumes all the permissions inherent in the Portal Manager role, with the following two exceptions:

The Delegated Manager role has only Manage Configuration permissions in portal administration (this means that even though the Delegated Manager role includes all of the portal administration permissions, this role cannot access portal security, including roles and members).
The Delegated Manager cannot delete the portal.

The Delegated Manager role is assigned the default permissions described in Table 28-2 and advanced permissions, described in Table 28-3.

To create a Delegated Manager role:

In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Roles subtab (Figure 28-1).

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.
Click the Create Role drop-down and select Delegated Manager (see Figure 28-3).

Figure 28-3 Creating a Delegated Manager for a Portal

Description of "Figure 28-3 Creating a Delegated Manager for a Portal"

The Delegated Manager role is created and appears as a row in the table (see Figure 28-4).

Figure 28-4 Delegated Manager Role in Portal Administration

Description of "Figure 28-4 Delegated Manager Role in Portal Administration"
To modify permissions for the role, select the row and click Edit Permissions, and then select or deselect each permission check box.

For details, see Viewing and Editing Permissions of a Portal Role.

For the default permissions assigned to the Delegated Manager role, see Table 28-2 and Table 28-3 for more information.
To assign the Delegated Manager role to a portal member, see Adding Members to a Portal.

Note:

Be sure to remove or reassign the member from the Delegated Manager role if it is no longer necessary for the member to administer the portal. For more information, see Assigning or Changing Member Role Assignments.

Creating Viewer and Participant Roles for a Portal

The Viewer and Participant roles, like the Delegated Manager role, are not created automatically when a portal is created, even though they are seeded roles. The Portal Manager has to create the roles of Viewer and Participant for a portal using the Create Role drop-down.

Assign the Viewer role to members who are primarily going to view content in a portal, and assign the Participant role to members who will be modifying content in a portal.

Viewer and Participant roles are assigned the default permissions (described in Table 28-2) and advanced permissions (described in Table 28-3).

To create a Viewer or Participant role:

In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Roles subtab (Figure 28-1).

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.
To create a Viewer or Participant role for this portal, click the Create Role drop-down (Figure 28-3) and select either Viewer or Participant depending on the role you want to create.

The role you select is created and appears as a row in the Roles table.
To modify permissions for the role, select the appropriate row and click Edit Permissions, and then select or deselect each permission check box.

For details, see Viewing and Editing Permissions of a Portal Role.

For the default permissions assigned to the Viewer or Participant role, see Table 28-2 and Table 28-3 for more information.
To assign the Viewer or Participant role to a portal member, see Adding Members to a Portal.

Viewing and Editing Permissions of a Portal Role

If the permissions assigned to a user role are not sufficient for the tasks that users in the role will perform in the portal, or you want to change previously assigned permissions, you can modify the permissions to better suit your role requirements.

Note:

The Portal Manager role permission Manage Security and Configuration cannot be modified.
To accommodate the different tasks that a specific member can do in a portal, you can assign more than one role to a member. See Assigning or Changing Member Role Assignments.

To change the permissions assigned to a role:

In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Roles subtab (Figure 28-5).

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

Figure 28-5 Portal Administration: Roles Page

Description of "Figure 28-5 Portal Administration: Roles Page"
To view permissions, select the role and then click Edit Permissions to open the Edit Permissions dialog for the selected role.

To edit permissions, in the Edit Permissions dialog, select or deselect the check boxes to enable or disable permissions for a role (Figure 28-6).

See Table 28-2 for more information. For more granular settings, see Using Advanced Permissions.

Note:

Take care to assign appropriate access rights when assigning permissions for new roles. Do not allow users to perform more actions than are necessary for the role but, at the same time, try not to inadvertently restrict them from activities they need to perform.

Figure 28-6 Modifying Permissions for a Portal (Standard Permissions)

Description of "Figure 28-6 Modifying Permissions for a Portal (Standard Permissions)"

If you want to allow portal members to view content or edit and create content, you must give them some standard permissions, described as follows.

To give members edit permissions, at a minimum, select the following options in the Edit Permissions dialog:

Permission Category	Permissions
Basic Services	Customize Pages - Add and remove list content, events, links, and notes.
.	View Pages and Content - View pages, lists, events, links, and notes in the portal.
Pages (Advanced)	Edit Pages - Add and remove list content, events, links, and notes.
.	View Pages - View pages in the portal.

To give members view permissions, at a minimum, select the following options in the Edit Permissions dialog:

Permission Category	Permissions
Basic Services	View Pages and Content - View pages, lists, events, links, and notes in the portal.
Pages (Advanced)	View Pages - View pages in the portal.

Permission Category

Permissions

Basic Services

View Pages and Content - View pages, lists, events, links, and notes in the portal.

Pages

(Advanced)

View Pages - View pages in the portal.

Click Save.

New permissions are effective immediately.

Note:

For information about granting access to individual pages in a portal, refer to Setting Page Security.

Using Advanced Permissions

Advanced permissions are detailed permissions that give you more flexibility over role assignments, but can become complex to manage and maintain. For example, you can set create, edit, view, and delete permissions for individual tools and assets, rather than setting the same permission for all tools or all asset types.

If advanced permissions are specified in a portal and the portal is used to create a custom template, the selected advanced permissions will be included in portals built from the custom template (provided Members Info or Roles Info is selected during template creation). See Creating a New Portal Template.

Note:

If you switch to using advanced permissions, you cannot revert to standard permissions. For more information, see Understanding Permissions and Permission Models in a Portal.

To use advanced permissions:

In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Roles subtab (Figure 28-7).

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

Figure 28-7 Portal Administration: Roles Page

Description of "Figure 28-7 Portal Administration: Roles Page"
Click Advanced Permissions.

A warning message displays (Figure 28-8).

Figure 28-8 Switching to Advanced Permissions

Description of "Figure 28-8 Switching to Advanced Permissions"
Click OK to continue.
Notice that the Advanced Permissions link is no longer available.
Click Edit Permissions again, and in the Edit Permissions dialog, select or deselect the check boxes to enable or disable permissions for a role (Figure 28-9).

See Table 28-3 for more details about advanced permissions.

Note:

If you are working with a portal that was imported from a previous version of WebCenter Portal, you may see different permissions. Such permissions are only provided for migration purposes and do not apply to any new portals that you create with this release.

Figure 28-9 Modifying Permissions for a Portal (Advanced Permissions)

Description of "Figure 28-9 Modifying Permissions for a Portal (Advanced Permissions)"
Click Save.

New permissions are effective immediately.

Note:

For more detailed information about granting access permissions to a portal, and to individual pages within a portal, refer to Granting Users Access to a Portal.

Deleting Roles in a Portal

When a role is no longer required, the portal manager can remove it from the portal. This helps maintain a current (and valid) role list and prevents inappropriate role assignments.

To delete a role in a portal:

In the portal administration (see Accessing Portal Administration), click Security in the left navigation pane, then click the Roles subtab (Figure 28-10).

Tip:

You can also navigate to this page using the direct URL provided in Pretty URLs for Pages in a Specified Portal.

Figure 28-10 Portal Administration: Roles Page

Description of "Figure 28-10 Portal Administration: Roles Page"
Select the role you want to delete, then click Remove Role.

Note:

The Portal Manager, Public-User, and Authenticated-User roles cannot be deleted.
In the Delete Role confirmation dialog, click Delete to confirm that you want to delete the role.