Thanks all for attending my session on WebCenter Portal Security. The slides are here.
In PS3, the WebCenter Portal Framework allows you to create page hierarchies. As you may know, it is typical to manage Portal pages in a hierarchical way. The hierarchical structure allows ease of management and security provisioning. In this blog post, I want to give a quick overview of the new model for securing page hierarchies. Here is the algorithm:
- root page has a default entitlement (policy)
- subordinate pages may inherit entitlement from parent page
- subordinate pages may override default by specifying a new entitlement
- to be able to a view a page, one should have “view” access on all parent pages in the hierarchy
Let’s look at an example. All the subordinate pages – i.e. “hardware”, “software”, “warranty” pages inherit entitlements from “products” page. Here, we have placed an entitlement on products page. The entitlement grants access rights to the marketing-role.
Subordinate pages (like “hardware”) inherit entitlements from “products” page. i.e. marketing-role has all access rights that it was granted at the “products” page level.
Now, lets see the effect of these entitlements at runtime. Login as mark (marketing-role). He should be able to create a subordinate page under “products” and also perform operations like “edit” for all pages under “products”.
If we login as another user (say “sam” who is not in marketing-role), he will not be able to create a subordinate page (see “create page” option is disabled) and perform operations like “edit” etc. for any page under “products”
For more detailed information, refer to “Securing your WebCenter Portal Application” section in WebCenter Developer Guide here.