| Download Docs | Site Map | Glossary | |
|
|
|||
| bea.com | products | dev2dev | support | askBEA |
|
|
|
|||||||
 |
| e-docs > WebLogic Platform > WebLogic Portal > Administration Guide > Administering Users and Groups |
|
Administration Guide
|
Administering Users and Groups
In WebLogic Portal, users can be visitors or administrators of your Portal.
A user can be a visitor to a portal Web site and can be granted the authority to view or use specific Web portal content and personalize their portal views.
A user can also be an administrator in WebLogic Portal. Depending on the type of authority granted, an administrator can create new portals, modify the authority of visitors and other administrators, and modify many of the attributes displayed in the portal. You can find information about the different types of administrators and their authority attributes in Creating Administrative Users.
Users are also significant in that they can be divided into Groups to provide a customized view of your portal. A Group Portal is a specific view of a portal that is defined for a given group of users. You can create multiple Group Portals within a portal Web application. Group Portals can share portal resources, such as layouts and portlets, but can be configured differently to satisfy the needs of each group separately.
Note: WebLogic Portal can use preexisting users and groups in an existing WebLogic Portal database or in an external system such as an LDAP server. If you already have users and groups established, you can skip the Creating and Managing Users and Creating and Managing User Groups subjects in this section.
This section includes information on the following subjects:
Before You Begin: Security for Users
This section describes the administrative users who can launch and log into the administration tools.
If you are using an external security system to manage your users, such as an LDAP server, configure the authentication security in that system. For information on integrating with external security realms, see "Adding Security to a Portal" in the Development Guide at http://download.oracle.com/docs/cd/E13218_01/wlp/docs70/dev/securty.htm.
Changing the Default Administrators and Passwords
Following are the default administrators and passwords that are created when you create a new domain. Using the procedures in this section, change these passwords to ensure administrative security, then create additional administrative users as needed.
Creating and Managing Users
This section includes procedures for creating and managing users with the User Management tools in the WebLogic Portal Administration Tools. You can also create and manage users in the WebLogic Server Console and in Group Portals.
Note: In the WebLogic Server Console, which you can log into only as a WebLogic Server system administrator, create and manage users in the Compatibility Security area.
The procedures in this section assume that you can log in to the WebLogic Portal Administration Tools as a WebLogic Portal system administrator or a portal or Group Portal administrator with user management rights. See Creating Administrative Users for more information.
This section includes information on the following subjects:
Creating Users
When you create users, those users are stored in the domain and are automatically available for all applications in that domain.
Use the following procedure to create new users:
Figure 6-1 User Management Home Page
Usernames are case sensitive, and the administration tools do not allow the creation of a users "system" or "guest", as these are reserved WebLogic Server names.
For User Type, select a profile type. The user will be an instance of this profile type. This allows the system to access explicit properties in a Unified User Profile type and ensures proper data cleanup when the user is removed.
Note: Unexpected results may occur if the same value is used for a user name and a group name. To prevent this, add the following system property to your start script:
-D"com.bea.p13n.RestrictSameNameForUsrAndGroup=true"
This system property prevents the creation of a user name and a group name with the same value.
Modifying and Deleting Users
This section includes information on the following subjects:
Changing User Passwords
Use the following procedure to change a user's password:
Figure 6-2 Changing a User's Password
Changing User Properties
Users have characteristics, or properties, that are used to target them with personalized content. These properties, such as address information, employment details, personal interests, and investing characteristics, for example, appear as editable fields in the WebLogic Portal Administration Tools.
These properties and their default values are defined in the development process. For more information, see "Implementing User Profiles" in the Development Guide at http://download.oracle.com/docs/cd/E13218_01/wlp/docs70/dev/usrgrp.htm.
To change user properties:
Deleting Users
When you delete a user from the domain, you delete the user from all applications residing on that domain, and they can no longer sign in to portals if authentication is required.
Use the following procedure to delete a user from the domain.
Creating and Managing User Groups
Groups in WebLogic Portal provide a means for organizing users with common characteristics within a single category. Adding users to groups makes it possible for administrators to create Group Portals, which control visitor access to portal content. Groups also gives developers a single entry point for tasks such as sending bulk e-mail, setting up security, and managing group characteristics.
This section includes information on the following subjects:
Creating User Groups
To create a user group:
If you want to create the new group as a sub-group that will inherit the characteristics of a parent group, click the arrow icon next to the parent group, then click the + icon beneath that group. Users added to a sub-group are automatic members of the parent group as well.
Figure 6-4 Creating a New Group
Note: Unexpected results may occur if the same value is used for a user name and a group name. To prevent this, add the following system property to your start script:
-D"com.bea.p13n.RestrictSameNameForUsrAndGroup=true"
This system property prevents the creation of a user name and a group name with the same value.
Adding Users to User Groups
To add users to a group:
Figure 6-5 Editing a Group
Figure 6-6 Adding Users to a Group
Removing Users from Groups
When you remove users from a group, those users are not deleted from the domain. They continue to exist and stay members of any other groups they are associated with. You must repeat this procedure to remove users from other groups. For the procedure to delete users from the domain, see Deleting Users.
To remove users from a group, follow the same procedure for Adding Users to User Groups. When you get to the Add/Remove Group Search Results page (Figure 6-6), move the user(s) from the Group Search Results list to the Search Results list.
Modifying and Deleting User Groups
This section includes information on the following subjects:
Viewing Group Members
To view the members of a group:
Changing Group Properties
Groups have the same characteristics, or properties, available to them as users do. Changing group characteristics is the same procedure as Changing User Properties. The difference is that you click the name of a group to change its property values.
Adding Groups to Groups
Adding groups to groups is the equivalent of creating subdirectories on a file system. In WebLogic Portal, a sub-group automatically inherits the property values of the group it is added to, and users that belong to a sub-group automatically become members of the parent group.
Creating User Groups contains instructions for adding a group to another group when first creating a group. After a group is created, follow this procedure to make it a sub-group.
Figure 6-8 Editing a Group
To move a group up to the top level, click the + icon next to Move group to top level at the bottom of the page.
Deleting Groups
Deleting a group deletes only the group, not the users in that group. When deleting a group, make sure no Group Portals are based on that group. Also, coordinate group deletion with your development team, because the group might be used in the code they have written.
If a group does not have a delete icon next to its name, it is a group provided by BEA that cannot be deleted.
Creating and Managing Group Portals
A Group Portal is a specific view of a portal defined for a specific group of users. You can create multiple Group Portals within a portal. Group Portals can share portal resources, such as layouts and portlets, but can be configured differently to satisfy the needs of each group separately.
For example, a portal can contain some portlets designated for managers and others designated for employees. You can define a Group Portal that shows only the manager portlets, and you can define another Group Portal that shows only the employee portlets. Because managers are made members of the Manager Group Portal, they can view the manager-related portlets when they log in. Because non-manager employees are not members of the Manager Group Portal, they will not see the manager-related portlets when they log in. Each Group Portal is a single administration unit that can have its own group administrator(s).
After you create user groups in WebLogic Portal (see Creating User Groups), grant these groups specific access to portals and portlets by creating a Group Portal.
You can use only one group in a Group Portal. You can, however, use a single group that contains sub-groups. All sub-groups will be considered members of the Group Portal.
This section includes information on the following subjects:
Step 1: Create a Group to Be Used in a Group Portal
To create a Group Portal, you must have a group to assign to the Group Portal. If you have existing groups, you can use one of those to define a Group Portal.
If you need to create a group for use in a Group Portal, follow the procedure for Creating User Groups, then follow the procedure for Adding Users to User Groups.
Be sure to add the users to the group that will administer the Group Portal. Group Portal administrators must also be members of the AdminEligible group.
Step 2: Create a Group Portal
To create a Group Portal:
Figure 6-9 Creating a Group Portal
Figure 6-10 Setting up the Group Portal
Figure 6-11 Assigning a User Group to the Group Portal
Figure 6-13 The New Group Portal Appears
For information on Entitlement Segments, see Creating Groups to Control Page and Portlet Access and Establishing Portal Access Using Group Portals.
Step 3: Set up Group Portal Administrators
To set up administrators for a Group Portal, see Creating Group Portal Administrators.
Creating Administrative Users
There are four levels of administrators in WebLogic Portal, each at a lower level in the administrative hierarchy, as shown in Figure 6-14.
Figure 6-14 Administrative Hierarchy
This section includes information on the following subjects:
Creating WebLogic Server System Administrators
To create a WebLogic Server system administrator with full administrative rights in a domain, follow this procedure. To complete this procedure, you must have WebLogic Server system administration rights.
Creating a WebLogic Server System Administrator
http://<hostname>:<port>/console
The user is now a WebLogic Server system administrator.
Removing WebLogic Server System Administrators
Removing administrators does not delete the users themselves. It simply removes them from administrator group membership.
In the WebLogic Server Console, under Compatibility Security
Creating Portal System Administrators
To create a Portal system administrator with full administrative rights in an enterprise application (multiple portals), follow this procedure. To complete this procedure, you must have WebLogic Server or Portal system administration rights.
Creating a Portal System Administrator
The user is now a Portal system administrator.
Removing Portal System Administrators
Removing administrators does not delete the users themselves. It simply removes them from administrator group membership.
To remove a Portal system administrator, remove the user from the SystemAdministrator group. See Removing Users from Groups.
Creating Portal Administrators
To create a Portal administrator with full or partial administrative rights in a single portal, follow this procedure. To complete this procedure, you must have system administration or portal user management rights.
Creating a Portal Administrator
Figure 6-16 Setting Portal Administrator Rights
When new portal administrators log in to the WebLogic Portal Administration Tools, they are taken directly to the Portal Management Home page, where they can modify only the aspects of the portal for which they were given rights.
Removing Portal Administrators
Removing administrators does not delete the users themselves. It simply removes them from administrator group membership.
To remove a portal administrator:
Creating Group Portal Administrators
When you create a Group Portal (Step 2: Create a Group Portal), you have the opportunity to copy the administrators of an existing Group Portal for use in the new Group Portal. If you want to set up different or additional Group Portal administrators, follow this procedure.
Notes: You must have system administration or user management rights.
Users already assigned as portal administrators cannot be assigned as group administrators with less-powerful administrative rights.
Creating a Group Portal Administrator
Figure 6-17 Editing Group Administrators
Figure 6-18 Setting Group Administrator Rights
When new group administrators log in to the WebLogic Portal Administration Tools, they are taken directly to the Portal Management Home page, where they can modify only the Group Portals and only the aspects of those Group Portals for which they were given rights.
If given user management and delegation rights, Group Portal administrators can create users and make them Group Portal administrators (using the links on the left side of the Group Portal Management Home page).
Changing Group Portal Administrators to Portal Administrators
Follow the procedure for Creating Portal Administrators.
Removing Group Portal Administrators
Removing administrators does not delete the users themselves. It simply removes them from administrator group membership.
To remove a Group Portal administrator:
Creating Groups to Control Page and Portlet Access
You can determine the pages and portlets visitors see in a portal by defining and using groups called Entitlement Segments. Instead of being groups of users, Entitlement Segments are groupings of characteristics, such as visitor gender, the type of browser being used, and date or time information. If visitors match the characteristics, they are automatically and dynamically members of that entitlement segment, and they can see—or not see—the pages and portlets you designate.
This section includes information on the following subjects:
Creating Entitlement Segments
Figure 6-19 Creating a New Entitlement Segment
In the Conditions pane, select the type(s) of characteristics that will define the Entitlement Segment, as shown in Figure 6-20.
The visitor characteristics and HTTP session and request characteristics are defined by developers in the E-Business Control Center in the User Profiles, Request, and Session tools on the Site Infrastructure tab.
Figure 6-20 Setting Entitlement Segment Characteristics
Click each hyperlink to set the values for the condition. For example, when you select The visitor has specific characteristics condition and click the characteristics hyperlink, you can select the visitor characteristics that define the Entitlement Segment, as shown in Figure 6-21.
Figure 6-21 Selecting a Visitor Characteristic
Figure 6-22 Selecting a Value for the Characteristic
Modifying and Deleting Entitlement Segments
Before modifying or deleting an Entitlement Segment, keep in mind that doing so will affect the Group Portals that use the Entitlement Segment.
Modifying - To modify an Entitlement Segment, select the Entitlement Segments tool in the E-Business Control Center Explorer window, double-click the name of the Entitlement Segment you want to modify, and click Edit in the Entitlement Segment window. Be sure to synchronize your changes.
Deleting - To delete an Entitlement Segment, select the Entitlement Segments tool in the E-Business Control Center Explorer window, select the Entitlement Segment you want to delete, click Delete on the Explorer toolbar, and click Yes in the confirmation window. Be sure to synchronize your change.
After you make your modifications or deletions, synchronize the data by clicking the Synchronize button on the E-Business Control Center toolbar, and if prompted, log in as the WebLogic Portal system administrator.
Creating Groups to Target Content to Customers
You can target visitors with Web content and campaigns by defining and using groups called Segments. Instead of being groups of users, Segments are groupings of characteristics, such as visitor gender, the type of browser being used, and date or time information. If visitors match the characteristics, they are automatically and dynamically members of that Segment and are shown the specific Web content you determine or are targeted with campaign actions you create.
This section includes information on the following subjects:
Creating Customer Segments
Modifying and Deleting Customer Segments
Before modifying or deleting Segments, keep in mind that doing so may affect the Content Selectors and campaigns you have created.
The procedures and considerations for modifying and deleting Segments are the same as those for Entitlement Segments. See Modifying and Deleting Entitlement Segments.
|
|
|
|
||
 |
|
|
 |
 |
 |
|
||
