Portal Control Security

Many Portal Controls have secured methods, meaning that any control attempting to execute such a method would need to be in an authorized security role. You can specify security roles in a Page Flow on each action. A user must be a member of the designated role(s) for the action to be fired. For example, the User Provider Control has a removeUser() method that requires the caller to be in the role of "PortalSystemAdministrator" or "Admin." See Portal Control Properties for more information.

For user and group management actions, the roles you specify in the WebLogic Administration Portal Authentication Security Provider Service determine whether or not the user can perform the action.

You can add security roles to a domain using the WebLogic Server Administration Console.

Related Topics

Security Roles (WebLogic Server e-docs topic)

Adding Portal Controls to Java Page Flows

Portal Control Properties

Portal Control Declaration

Working with Java Controls