System Defaults

42.1 ACLs

WebCenter Sites and its applications use several default ACLs to control user access to their features and functions. This section summarizes the permissions that can be specified in an ACL, and describes the default system ACLs.

This section covers the following topics:

42.1.1 Permissions

An ACL specifies a set of permissions. When an ACL is assigned to a database table, only the permissions specified in the ACL can be exercised on the database table. Only a user with the same ACL as the table can exercise those permissions.

The following table lists all the permissions that can be specified in an ACL.

Table 42-1 Permissions Supported by WebCenter Sites

Permissions	Bit Mask (see note 1)	Action
Read	1	Read data from a table.
Write	2	Write information to a table. (see note 2)
Create	4	Create a table.
Delete	8	Delete information from a table.
Retrieve	16	Retrieve the contents of a URL column, also known as an upload field. For more information about URL columns, see Indirect Data Storage with the WebCenter Sites URL Field in the Developing with Oracle WebCenter Sites.
Revision Tracking Audit	32	Access all the revision tracking information for the rows (records) in a tracked table.
Revision Tracking Admin	64	Assign or remove revision tracking on a table.

Note:

When an ACL is created, the bit mask numbers for each permissions assigned to an ACL are added together and the totals are listed with the ACL in the SystemACL table.
To add a row to a table, the user must have Create permission.

42.1.2 Accessing ACLs

ACLs and their permissions are accessible as either a listing or an individual entry.

To obtain the list of ACLs and their permissions, open the SystemACL table directly.
To obtain an individual ACL and its permissions, use the administrator's interface:

In the General Admin tree, expand the Admin node, expand the User Access Management node, and then double‐click ACLs.
In the drop-down menu, select the ACL you want to work with.
Select Modify ACL and click OK.

Caution:

Never modify a default system ACL. Never modify the SCLs assigned to any of the system tables.

See System ACLs and Their Permissions.

42.2 System ACLs and Their Permissions

The following table lists the system ACLs and their permissions. Each system ACL exists to control access to specific parts of the database tables, and subsequently, the product features that use those tables. Although several of the default ACLs have the same set of permissions, the ACLs are all necessary because they are assigned to different tables.

Table 42-2 System ACLs and Their Permissions

ACL Name	Read	Retrieve	Write	Create	Delete	Rev. Track Audit	Rev. Track Admin
Browser	Yes	No	No	No	No	No	No
ContentEditor	Yes	Yes	Yes	Yes	Yes	Yes	No
ElementEditor	Yes	Yes	Yes	Yes	Yes	Yes	No
ElementReader	Yes	No	No	No	No	No	No
PageEditor	Yes	Yes	Yes	Yes	Yes	Yes	No
PageReader	Yes	No	No	No	No	No	No
RemoteClient	Yes	Yes	Yes	Yes	Yes	Yes	Yes
SiteGod	Yes	Yes	Yes	Yes	Yes	Yes	Yes
TableEditor	Yes	Yes	Yes	Yes	Yes	Yes	No
UserEditor	Yes	Yes	Yes	Yes	Yes	Yes	No
UserReader	Yes	No	No	No	No	No	No
Visitor	Yes	Yes	Yes	Yes	Yes	Yes	No
VisitorAdmin	Yes	Yes	Yes	Yes	Yes	Yes	Yes
WsAdmin	No	No	No	No	No	No	No
WSEditor	No	No	No	No	No	No	No
WSUser	No	No	No	No	No	No	No
xceladmin	Yes	Yes	Yes	Yes	Yes	Yes	Yes
xceleditor	Yes	Yes	Yes	Yes	Yes	Yes	No
xcelpublish	Yes	Yes	Yes	Yes	Yes	Yes	No

The following table describes the functions of each ACL and how each ACL is used by Oracle WebCenter Sites and the WebCenter Sites content applications.

Table 42-3 System ACLs and Their Descriptions

ACL Name	Description
Browser	Allows read-only access to the content in the WebCenter Sites database. It is assigned to most of the system default and sample site users. WebCenter Sites requires that all visitors to an online site that it manages have user accounts. For this reason, WebCenter Sites is delivered with a default user account, named DefaultReader, that it assigns to all non-authenticated visitors, that is, those who do not have a user account of their own. The Browser ACL is assigned to the DefaultReader user account, which gives non-authenticated visitors read-only access rights to the content in the WebCenter Sites database.
ContentEditor	Used in a sample WebCenter Sites site. This ACL is assigned to the tables that support the sample site.
ElementEditor	Allows users to write data to the ElementCatalog and SystemSQL tables. Site designers and anyone who creates templates, CSElement, and SiteEntry assets require this ACL.
ElementReader	Allows users to read data in the ElementCatalog and SystemSQL tables. WebCenter Sites users require this ACL so they can inspect the templates assigned to their assets.
PageEditor	Allows users to create page entries in the SiteCatalog table. Site designers and anyone who creates a template, CSElement, or SiteEntry asset requires this ACL.
PageReader	Allows users to read page entries from the SiteCatalog table. WebCenter Sites users require this ACL so they can inspect the templates assigned to their assets.
RemoteClient	Grants users the ability to log in to the WebCenter Sites management system through a remote client.
SiteGod	Enables complete access to all the tables in the WebCenter Sites database. At least one user of the management system, typically an administrator, must have the SiteGod ACL.
TableEditor	Allows users to create and delete tables in the WebCenter Sites database. Site designers who create database tables or who create asset types (which causes tables to be created) require this ACL. Administrators or anyone else who will use the Initialize Mirror Destination feature also requires this ACL.
UserEditor	Allows users to manage user accounts. Administrators require this ACL.
UserReader	Allows user account information to be recognized by WebCenter Sites. WebCenter Sites uses this ACL to determine which users have which roles on which sites. All users require this ACL to be able to access the content management sites to which they are assigned.
Visitor	Grants users the ability to write data to the Oracle WebCenter Sites: Engage tables that store visitor data, and to create recommendation assets. Any Engage user who requires to create Recommendation assets requires this ACL. Any authorized visitor (of Engage assets) whose data you are collecting on the delivery system must have this ACL assigned to their user account. All unauthorized visitors of the online site are automatically assigned this ACL (in the DefaultReader user account). See Understanding DefaultReader, secure.CatalogManager, and secure.TreeManager.
VisitorAdmin	Grants users the ability to create visitor attributes, history attributes, and history types. Any Engage user who requires to create assets of those types requires this ACL.
WSUser	Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.
WSEditor	Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.
WSAdmin	Assigned to SiteCatalog page entries for the Web Services feature. Grants users the ability to access WebCenter Sites through the WebCenter Sites web services.
xceladmin	Grants users the ability to create user profiles, roles, sites, asset types, and so on—that is, to use all the functions in the Admin, Site Admin, and Workflow tabs. System, site, and workflow administrators require this ACL. Also, because the Admin tab has both administrative and site design functions, site designers also require this ACL.
xceleditor	Grants users the ability to log in to the WebCenter Sites content applications. The login request code verifies whether a user has the ACL. All users of the management system requires this ACL.
xcelpublish	Grants users the ability to view the Publish Console.

42.3 ACLs of Default Users

The following table describes which ACLs are assigned to the default users.

Table 42-4 Default Users and Their ACLs

User Name	Browser	Description
fwadmin	Browser ElementEditor PageEditor PageReader RemoteClient TableEditor UserEditor UserReader Visitor VisitorAdmin xceladmin xceleditor xcelpublish wsadmin wseditor wsuser	Basic administrator user that WebCenter Sites creates so that you can begin configuring your WebCenter Sites content applications. Do not delete this user unless another user with identical ACLs exists.
WebCenter Sites (the installation's user account)	Browser ContentEditor ElementEditor ElementReader PageEditor PageReader SiteGod TableEditor UserEditor UserReader	User account that the installation program creates during the installation of the products. The name of this account is whatever the installers chose for it.
DefaultReader	Browser Visitor	Browser is the ACL that WebCenter Sites assigns to non-authenticated site visitors on the delivery system. The Visitor ACL is also automatically assigned.

User Name

Browser

Description

fwadmin

Browser

ElementEditor

PageEditor

PageReader

RemoteClient

TableEditor

UserEditor

UserReader

Visitor

VisitorAdmin

xceladmin

xceleditor

xcelpublish

wsadmin

wseditor

wsuser

Basic administrator user that WebCenter Sites creates so that you can begin configuring your WebCenter Sites content applications.

Do not delete this user unless another user with identical ACLs exists.

WebCenter Sites

(the installation's user account)

Browser

ContentEditor

ElementEditor

ElementReader

PageEditor

PageReader

SiteGod

TableEditor

UserEditor

UserReader

User account that the installation program creates during the installation of the products.

The name of this account is whatever the installers chose for it.

DefaultReader

Browser

Visitor

Browser is the ACL that WebCenter Sites assigns to non-authenticated site visitors on the delivery system. The Visitor ACL is also automatically assigned.

42.4 Required ACLs for Custom Users

The following table lists the ACLs that would be required by users based on common user descriptions.

Table 42-5 System ACLs Required by Users

User	Required ACLs
All users	Browser, Element Reader, PageReader, UserReader, xceleditor
Workflow Administrator Site Administrator	xceladmin
General Administrator	xceladmin, TableEditor, UserEditor, VisitorAdmin (for Engage)
Site Designer	xceladmin, ElementEditor, PageEditor, TableEditor, Visitor (for Engage), Visitor Admin (for Engage)
Engage Users	Visitor
Users of Web Mode in the Oracle WebCenter Sites: Contributor interface	Browser, ElementReader, PageReader, RemoteClient, UserReader, Visitor (for Engage), xceleditor

42.5 System Roles

The following table describes the system roles in WebCenter Sites, and the access the role has.

Table 42-6 System Roles

Role	Description
GeneralAdmin	Default system role for global WebCenter Sites administrators. Required for users who require access to the Admin tab (and all other possible functions) in the tree. Note: A user with the GeneralAdmin role must also have the xceladmin ACL to use any of the functions in the Admin tab.
SiteAdmin	Default system role for site administrators. Required for users who are administrators of selected sites and therefore require access to the Site Admin tab (which shows a subset of the functions in the Admin tab). Assign the SiteAdmin role to users who will manage, but not create, other site users. Note: A site user with the SiteAdmin role must also have the xceladmin ACL to use any of the functions on the Site Admin tab.
WorkflowAdmin	Default system role for workflow administrators. Required for users who require access to the Workflow tab in the tree. Note: A user with the WorkflowAdmin role must also have the xceladmin ACL to use any of the functions on the Workflow tab.
AdvancedUser	Grants WebCenter Sites users access to the Admin interface.
SitesUser	Grants WebCenter Sites users access to the Contributor interface.

42.6 System Asset Types

The following table lists the default asset types. Unlike custom asset types, system asset types cannot be deleted.

Table 42-7 System Asset Types

Asset Type	Description
Attribute Editor	An attribute editor specifies how data is entered for a flex attribute when that attribute is shown on a New or Edit form for a flex asset or a flex parent asset. It is similar to a template asset. However, unlike a template asset, you use it to identify the code for WebCenter Sites to use when it shows an attribute in the Oracle WebCenter Sites interface—not when it shows the value of an attribute on your online site.
CSElement	Stores code (XML or JSP and Java) does not render assets. Typically, you use CSElements for common code to call from multiple templates (a banner perhaps). You also use CSElements to provide the queries that are required to create DynamicList recommendations in Engage.
Collection	Stores an ordered list of assets of one type. You build collections by running one or more queries, selecting items from their resultsets, and then ranking (ordering) the items that you selected. This ranked, ordered list is the collection. For example, you could rank a collection of articles about politics so that the article about last night's election results is number one.
Dimension	Represents a locale in a site. You must create a Dimension asset for each locale you want to enable on the management system. To enable publishing of content in a given locale, you must publish the corresponding Dimension asset to the delivery system, and enable the locale in the site's dimension set.
Dimension Set	Defines which locales and locale filter are enabled on the online site. For locale filtering to work on the delivery site, you must create and publish to the delivery system at least one DimensionSet asset. Has no effect on the management system.
History Attribute	Individual information types that you group together to create a vector of information that Engage treats as a single record. This vector of data is the history definition. For example, a history type called Purchases can consist of the history attributes SKU, itemname, quantity, and price. Available in Engage.
History Definition	The vector of data in a History Attribute. This vector of data is the history definition. For example, a history type called Purchases can consist of the history attributes SKU, itemname, quantity, and price. Available in Engage.
Page	Stores references to other assets. Arranging and designing page assets is how you represent the organization or design of your site. You design page assets by selecting the appropriate collections, articles, imagefiles, queries, and so on for them. Then, you position your page assets on the Site Plan tab that represents your site in the tree on the left side of the WebCenter Sites interfaces.
Promotion	Is a merchandising asset that offers some type of value or discount to your site visitors based on the flex assets (for example, products) that the visitor is buying and the segments that the visitor qualifies for. Available in Engage.
Query	Stores queries that retrieve a list of assets based on selected parameters or criteria. You use query assets in page assets, collections, and recommendations. The database query can be either written directly in the New or Edit form for the query asset as a SQL query, or written in an element (with WebCenter Sites query tags or a as a search engine query) that is identified in the New or Edit form.
Recommendation	This is like an advanced collection. It collects, assesses, and sorts flex assets (products or articles, perhaps) and then recommends the most appropriate ones for the current visitor, based on the segments that visitor belongs to. Available in Engage.
Segment	Assets that divide visitors into groups based on common characteristics (visitor attributes and history types). You build segments by determining which visitor data assets to base them on and then setting qualifying values for those criteria. For example, a segment could define people who live in Alaska and own fly fishing gear, or it could define people who bought a personal computer in the past six months, and so on. Available in Engage.
SiteEntry	Represents a WebCenter Sites page or pagelet and has a CSElement assigned as the root element that generates the page. Template assets do not have associated SiteEntry assets because they represent both an element and a WebCenter Sites page.
Template	Stores code (XML or JSP and Java) that renders other assets into WebCenter Sites pages and pagelets. Developers code a standard set of templates for each asset type (other than CSElement and SiteEntry) so that all assets of the same type are formatted in the same way. Content providers can select templates for previewing their content assets without having access to the code itself or being required to code.
Visitor Attribute	Holds types of information that specify one characteristic only (scalar values). For example, you can create visitor attributes named Years of Experience, Job Title, or Number of Children. Available in Engage.

42.7 Default Tree Nodes

The following table lists the default nodes in the tree in the WebCenter Sites Admin interface. These nodes are critical to WebCenter Sites. All features which stem from WebCenter Sites can be accessed through these nodes; they are automatically created upon installation.

Table 42-8 Default Tree Nodes in the WebCenter Sites Admin interface

Tab	Description
Admin	Shows the administrative functions that affect all of the CM sites in the system. By default, only users with the default system role named GeneralAdmin have access to this tab.
Bookmarks	Holds a list of all bookmarked pages. Frequently-used pages can be marked and accessed from this tab to make finding them easier.
Connector Admin	Shows the administrative functions for administering WCC Connector.
History	Shows the assets that you worked with during the current session. All users see this tab as soon as they create, inspect, edit, or copy their first asset.
Mobility	Shows the administrative arrangement of mobile devices and their groupings. The administration of the mobile devices is done from here.
Site Admin	Holds a subset of the system-wide administrative functions. The subset applies only to the CM site that the SiteAdmin is logged in to. By default, only users with the default system role named SiteAdmin have access to this tab. This tab is useful if to individuals who manage access to individual CM sites, but who do not have to create users or sites.
Dev	A source for creating pages on your site. Some of these sources are: Templates, Product Definition, Content Definition, and other sources for the creating pages.
Site Navigation	Represents the layout and overview of the site. This tab shows each site that is controlled by WebCenter Sites. It lists the placed pages and the unplaced pages. The placed pages are pages which are created and have been integrated into the live site. Unplaced Pages are pages which are finished but are not integrated into the live site.
Workflow	Lists the workflow configuration functions. By default, only users with the Workflow Admin role have access to this tab.