Managing Content Repositories 11-19

11.2.3.2.2 How to Configure Item Level Security To configure Item Level Security ILS:

1. Log on to your Oracle Content Server instance.

2. From the Administration menu, choose Admin Server to open Component

Manager .

3. In the Component Manager section, click the Advanced Component Manager

link.

4. In the Advanced Component Manager page, scroll down to the Disabled

Components list, select RoleEntityACL, as shown in Figure 11–7 , and then click Enable . Figure 11–7 Advanced Component Manager - RoleEntityACL Component

5. From the Options pane on left, select General Configuration.

6. Under the General Configuration page, in the Additional Configuration

Variables box, add the following parameters: UseEntitySecurity=1 SpecialAuthGroups=PersonalSpaces,applicationName where: SpecialAuthGroups is a comma separated list no spaces allowed between values of security groups. The ILS option is enabled only on content in these security groups. For WebCenter Spaces, the name of the application, in which all Space content is created, defines the name of a security group. You can find the application name using either Fusion Middleware Control or WLST. In Fusion Middleware Control, the application name is displayed as part of the Oracle Content Server default connection in the WebCenter Spaces connections. In WLST, the application name is shown using the listDocumentsSpacesProperties command, for example: listDocumentsSpacesPropertieswebcenter The Documents Spaces container is myspacesroot The Documents repository administrator is weblogic The Documents application name is myspacesapp - applicationName See Also: Setting Security Options for a File in Oracle Fusion Middleware Users Guide for Oracle WebCenter. 11-20 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter The Documents primary connection is myucm For WebCenter Portal applications, the applicationName is the name of the security group in which content is created. 7. Restart Oracle Content Server.

11.2.3.2.3 How to Configure Additional Settings for WebCenter Portal Applications For a

WebCenter Portal application, in addition to the steps described in Section 11.2.3.2.2, How to Configure Item Level Security , ensure that all users by default are granted RWDA on the WCILS account. To do this, use the SET_DEFAULT_ATTRIBUTES service. For information about the SET_DEFAULT_ATTRIBUTES service, see the section SET_DEFAULT_ATTRIBUTES in Oracle Fusion Middleware Services Reference Guide for Universal Content Management. To run the SET_DEFAULT_ATTRIBUTES service through a browser: 1. From a browser, log into Oracle Content Server as an administrative user. 2. View the source for the page, and find the value of the idcToken. 3. While in the same browser window, enter the URL in the format: http:host:portcsidcplg?IdcService=SET_DEFAULT_ATTRIBUTESdECPropSubKey=Sec urity GroupdDefAttribs=account,WCILS,15idcToken=idcTokenIsSoap=1 For example: http:myhost.com:4444csidcplg?IdcService=SET_DEFAULT_ATTRIBUTESdECPropSubKe y=CustomdDefAttribs=account,WCILS,15idcToken=1291297336399:6E324367FC9D2F8BE5 25F4CEBF4463FCIsSoap=1

11.2.3.3 Configuring Security Between Oracle Content Server 11g and WebCenter Portal Applications

To configure Oracle Content Server 11g to work with a WebCenter Portal application, you must first set up content security and users in a development environment and then migrate them to a production environment. For detailed information about security, see also the chapter Managing Security and User Access in Oracle Fusion Middleware System Administrators Guide for Universal Content Management. This section describes the following mandatory steps: ■ Creating security groups: Security groups are required for folders so the folder content can be restricted or its access can be customized based on who should view, edit, or manage the folder content. To create security groups follow the steps in Section 11.2.3.3.1, How to Create a Security Group using the Oracle Content Server Console. ■ Creating folders: Folders include content such as files, subfolders, images. To create folders, follow the steps in Section 11.2.3.3.2, How to Create a Folder using the Oracle Content Server Console. ■ Creating roles: Roles are created with different permissions such as, read, write, delete, administer. First you must create roles in Oracle Content Server, as described in Section 11.2.3.3.3, How to Create Roles using the Oracle Content Server Console and then for the WebCenter Portal application, as described in Section 11.2.3.3.4, How to Create Roles Groups using the Fusion Middleware Control Console. ■ Creating users: Users are assigned different roles based on their roles and responsibilities in their organizations. Create users as described in Managing Content Repositories 11-21 Section 11.2.3.3.5, How to Create Users using the Fusion Middleware Control Console and then grant roles to these users, as described in Section 11.2.3.3.6, How to Grant a Role to a User using the Fusion Middleware Control Console. ■ Migrating security: Migrate these security groups, folders, users, and roles to your production environment. For information, see Section 11.2.3.3.7, How to Migrate Security to a Production Environment. or directly go to Section 27.2.5, Post-deployment Security Configuration Tasks. The procedures described in this section apply to the Documents service including wikis and blogs and Content Presenter.

11.2.3.3.1 How to Create a Security Group using the Oracle Content Server Console To create

a security group: 1. Log into the Oracle Content Server Console as an administrator.

2. From the Administration menu, choose Admin Applets.

3. On the Administration Applet page, click User Admin to display the User Admin

dialog.

4. From the Security menu, choose Permissions by Group.

5. In the Permission By Group dialog, click Add Group.

6. In the Add New Group dialog, enter a group name, for example, WikiBlog.

7. Click OK.

This security group will be assigned to the Security folder that you will create in the next section.

11.2.3.3.2 How to Create a Folder using the Oracle Content Server Console To create a folder:

1. Log into the Oracle Content Server Console as an administrator.

2. From the Browse Content menu, choose Contribution Folders to display the root

directory in which you will create a folder.

3. On the Contribution Folders page, from the New Item menu, choose New Folder

to display the Hierarchy Folder Configuration page. 4. In the Virtual Folder Name field, enter a meaningful name, for example WikiBlog. 5. Under the Folder Information section, in the Title field, enter a meaningful title, for example, WikiBlog.

6. From the Security Group dropdown, select WikiBlog that you created as

described in Section 11.2.3.3.1, How to Create a Security Group using the Oracle Content Server Console . All items in this folder will inherit the security from this security group.