This chapter describes Oracle WebCenter Content user login types, user logins, user information fields, and aliases. It also explains how to manage the logins and aliases. Oracle WebCenter Content user login types, logins, and aliases information is integrated with Oracle WebLogic Server user information by default, and with OPSS and other sources of user information according to customer configuration.
This chapter includes the following topics:
Content Server software supports the following user login types:
The default user type supported in 11g Release 1 (11.1.1) is external users. External users are defined outside the WebCenter Content system and authenticated by external security using the Oracle WebLogic Server Administration Console and Oracle Platform Security Services (OPSS). Once authenticated, external users can access the Content Server instance through Oracle WebLogic Server. Generally, external users are users in a trusted domain to whom you grant access, but do not manage through the WebCenter Content system. Their passwords are owned by the Oracle WebLogic Server domain, the network domain, or another provider such as Oracle Internet Directory, although the User Admin applet can be used to set a user password when converting an external user to a local user. Unlike local users, undefined external users are not assigned the guest role.
The first time users log in to the Content Server instance through Oracle WebLogic Server they are added to the Content Server database, and administrators can view external user information through the Repository Manager. However, external users are not automatically included in user lists, such as the Author field on a content Check In page. If an Override check box is selected on a user's User Profile page, any user information defined in the Content Server database overrides the user information derived from the external user base.
The Admin User applet only shows users after they have logged in at least one time to the Content Server instance. All users from the Oracle WebLogic Server user store or other user store outside the Content Server instance are shown as external users.
By default, external security integrations map a limited set of user information (user name, password, roles, accounts, and some additional information such as email address) from the external user base to the Content Server instance. If you are using LDAP integration, then additional user information, such as email address or user locale, can be mapped from the embedded LDAP server with the Oracle WebLogic Server Administration Console and integrated with Oracle Platform Security Services.
The following is a list of common characteristics of external users:
Login (authentication) is defined by: User ID and password are stored in a user database external to the WebCenter Content system, such as:
Trusted domain (such as Oracle WebLogic Server)
Lightweight Directory Application Protocol (LDAP)
Other database
Access (authorization) is determined by: Credentials (for example, roles) from a trusted domain or other user database (such as the Oracle WebLogic Server user store, Oracle Internet Directory, or another LDAP provider) and WebCenter Content.
User login: Oracle WebLogic Server and the Content Server instance must be running for users to log in.
User password: User passwords are defined on Oracle WebLogic Server or another user database (such as a LDAP server) by the administrator. Users cannot change their passwords on the Content Server instance.
Interface issues: User names do not appear in the content check-in lists. However, users can participate in workflows.
Follow this process to set up roles, groups, and accounts for external users:
Set up security groups. See Section 19.2.1.
Establish roles. See Section 19.4.1.
Arrange permissions. See Section 19.4.5.
(Optional) Use accounts. See Section 20.2.1.
For details about creating external users, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
Local users are defined by an administrator within the Content Server instance. Administrators assign these users one or more roles, which provide the user with access to security groups.
Caution:
Local users are not supported on the Oracle WebLogic Server domain. Although Content Server administrators can create and configure local users with the User Admin applet, for local users to be authenticated for access to the Content Server instance, the users and passwords also must be created with the Oracle WebLogic Server Administration Console. The default user type supported in 11g Release 1 (11.1.1) is external users.
The following is a list of common characteristics of local users:
Logins (authentication) are created by: Administrator in the Content Server.
Access (authorization) is determined by: Content Server roles, which provide access to security groups.
User login: Local users cannot log in to the Content Server Admin Server because the Admin Server requires logging in through Oracle WebLogic Server.
User password: Users can change their passwords.
Interface issues: User names appear in the content check-in lists. Users can specify whether to change full name, email address, and user type.
Considerations: Previously recommended for 1000 or fewer users, but now recommended only when required by the system administrator for purposes such as troubleshooting Content Server. Because of performance considerations, do not configure more than 1000 local users.
Follow this process to set up local users:
Set up security groups. See Section 19.2.1.
Establish roles. See Section 19.4.1.
Arrange permissions. See Section 19.4.5.
Assign user logins. See Section 18.3.1.
(Optional) Use accounts. See Section 20.2.1.
User logins are the names associated with the people who access Content Server. In 11g Release 1 (11.1.1) and later, by default user logins must be created on the Oracle WebLogic Server domain that hosts WebCenter Content and the Content Server instance. Authentication and credentials are handled by default with the Oracle WebLogic Server user store and associated security software instead of by the Content Server. For more information, see Oracle Fusion Middleware Application Security Guide.
Note:
Instructions for using the Oracle WebLogic Server Administration Console apply to users and groups in the Oracle WebLogic Authentication provider only. If you customize the default security configuration to use a custom Authentication provider, use the administration tools supplied by that security provider to create a user. If you are upgrading to the Oracle WebLogic Server Authentication provider, you can load existing users and groups into its database. See "Migrating Security Data" in Oracle Fusion Middleware Securing Oracle WebLogic Server.
Caution:
Although user logins still can be created and managed on the Content Server with the User Admin applet, they are not valid for authentication purposes unless they also have been created with the Oracle WebLogic Server Administration Console.
If you use a LDAP server and create a user login with the same name as a local user defined in the Content Server with the User Admin applet, the LDAP user is authenticated against LDAP when logging in, but receives roles assigned to the local user.
The Oracle WebLogic Server administrator assigns one or more groups to each user. A group provides the user access to files within the security groups. Undefined users are assigned to the guest group, which allows viewing of documents only in the Public security group by default.
You can also create a group of users that can be then referenced by a single name, or alias, in workflows, subscriptions, and projects. For example, it is much easier to add an alias called Support to a workflow than it is to add user1, user2, user3, and so on.
If you log in to multiple browser windows on the same computer using different login methods (such as standard login, Microsoft login, or self-registered login), the Content Server can become confused about which user is logged in to each window. Remember to close any open browser windows while testing different login methods.
Important:
User logins are case sensitive.
By default, user logins must be created and managed with the Oracle WebLogic Server Administration Console. For information and instructions on creating and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help. If you customize the default security configuration to use another Authentication provider, such as Oracle Internet Directory, use the administration tools supplied by that security provider to create and manage user logins.
If you need to set up a user (other than the Content Server administrator) to work with a standalone Content Server utility such as System Properties, you can use the User Admin applet in Content Server to create a local user. However, a user created with the User Admin applet cannot be authenticated for any other functions than standalone Content Server utilities, unless the user is also created with the Oracle WebLogic Server Administration Console.
The remainder of this section discusses the tasks involved in managing only Content Server user logins for standalone utilities.
Note:
As of 11g Release 1 (11.1.1), user logins must be added using the Oracle WebLogic Server Administration Console. Although user logins can be managed in Content Server for special purposes, they are not valid for authentication to the Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on creating and managing these user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To add a user login only for use with Content Server standalone utilities:
From the User Admin: Users tab, click Add.
Set the Authorization Type from the menu. For more information, see Section 18.1.
Click OK.
In the Add/Edit User window, enter information about the user.
If you enter a password, you must reenter the same password in the Confirm Password field.
Keep in mind that the user name and password are case-sensitive.
Assign roles to the user.
If accounts are enabled, assign accounts to the user.
Click OK.
Note:
As of 11g Release 1 (11.1.1), user logins must be edited using the Oracle WebLogic Server Administration Console. Although user logins can be managed in the Content Server for special purposes, they are not valid for authentication to Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on editing and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To edit a user login only for use with Content Server standalone utilities:
From the Users tab of the User Admin window, double-click the user name, or select the user name and click Edit.
In the Add/Edit User window or Add/Edit User: Info tab (Global User), edit the user login as necessary.
If you change the user locale for a user who has the sysmanager role, you must restart the Admin Server service for the Admin Server interface to appear in the user's locale language.
Note:
As of 11g Release 1 (11.1.1), user logins must be deleted using the Oracle WebLogic Server Administration Console. Although user logins can be managed in Content Server for special purposes, they are not valid for authentication to Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on deleting and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To delete a user login only for use with Content Server standalone utilities:
In the Users tab of the User Admin window, select the user name.
Click Delete.
Click Yes.
If you delete a user who is involved in a workflow, you are prompted to confirm the deletion. You must adjust the workflow and remove the user from the list of workflow reviewers.
Note:
As of 11g Release 1 (11.1.1), user logins must be managed using the Oracle WebLogic Server Administration Console. Although user logins can be managed in Content Server for special purposes, they are not valid for authentication to Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on creating and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To define an alias only for use with Content Server standalone utilities:
Display the User Admin window Aliases tab.
Click Add.
In the Alias Name field on the Add New Alias/Edit Alias window, enter a name that identifies the group of users.
In the Description field, enter a detailed description of the alias.
Click Add.
In the Select Users window, select the user names from the list.
To narrow the list of users on the Select Users page, select Use Filter, click Define Filter, select the filter criteria, and click OK.
To select a range of users, click one user login, then hold down the Shift key while clicking another user login.
To select users individually, hold down the Ctrl key while clicking each user login.
Click OK.
Close the User Admin page.
Note:
As of 11g Release 1 (11.1.1), user logins must be managed with the Oracle WebLogic Server Administration Console. Although user logins can be managed in Content Server for special purposes, they are not valid for authentication to Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on editing and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To edit an alias only for use with Content Server standalone utilities:
Display the User Admin: Aliases tab window.
Highlight an alias and click Edit.
Alter the information as needed on the Add New Alias/Edit Alias window.
In the Description field, enter a detailed description of the alias.
Click OK.
Close the User Admin page.
Note:
As of 11g Release 1 (11.1.1), user logins must be managed with the Oracle WebLogic Server Administration Console. Although user logins can be managed in Content Server for special purposes, they are not valid for authentication to Content Server until they have been created with the Oracle WebLogic Server Administration Console. For information and instructions on deleting and managing user logins, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.
To delete an alias only for use with Content Server standalone utilities:
Display the Add New Alias/Edit Alias window.
Highlight the alias to be deleted and click Delete.
A page appears, asking you to confirm the deletion. Click Yes to delete the entry or No to retain it.
Close the User Admin page.
User information defines the unique attributes of a user, such as full name, password, and email address. User information fields describe a user in the same way that metadata fields describe a content item. User information is stored in the Content Server database, and can be used to sort users, display user information on Content Server web pages, or customize the display of web pages based on user attributes.
The following user information fields are predefined in the system. These fields cannot be deleted, and the field name and type cannot be changed.
| Name | Type | Caption | Is Option List | 
|---|---|---|---|
| dFullName | Long Text | Full Name | False | 
| dEmail | Long Text | E-mail Address | False | 
| dUserType | Text | User Type | True | 
| dUserLocale | Text | User Locale | True | 
This section covers these topics:
To add a new user information field:
In the User Admin: Information Fields tab, click Add.
Enter a new field name in the Add Metadata Field Name window. Duplicate names are not allowed. Maximum field length is 29 characters. The following are not acceptable: spaces, tabs, line feeds, carriage returns and ; ^ ? : @ & + " # % < * ~ |
Click OK.
In the Edit Metadata field window, configure the properties for the field, and click OK.
Click Update Database Design.
To edit an option list key:
In the Edit Metadata Field window, select Enable Option List.
Click Edit.
Add, edit, or delete option values on the Option List window.
Each value must appear on a separate line.
A blank line will result in a blank value in the option list.
To sort the list, select sort options and click Sort Now.
Click OK.
To edit a user information field:
Double-click the field, or select the field and click Edit.
Add, edit, or delete option values on the Edit Metadata Field window.
Click OK.