The Enterprise Portal installation automatically creates these security users:
PortalSecOfficer (PSO) – automatically defined when you install and configure Enterprise Security. By default, the PSO user has the PortalSecOfficer and StudioAdmin roles, which makes him a superuser in the default Security domain and in the root portal organization.
WARNING! Do not remove the PortalSecOfficer role from or add the PortalGuest role to the PSO user. Either of these actions may disable Web Studio.
By default, the PSO has complete access to Web Studio operations, which are the same privileges that the OPSUPER user had in pre-6.0 versions of EP.
Generally, the PSO sets up initial security for the domain and the organization, including creating the portal’s users, but the PSO can perform all other Web Studio functions as long as the account has the StudioAdmin role.
Once the PSO has set up the portal’s users, including the Web Studio administrator, you can remove the StudioAdmin role from the PSO to prevent that user from interacting with portal objects. See “Administering roles” for instructions.
When the PSO creates a new user in the security organization, that user gets mapped to a Web Studio user when they have been granted a Web Studio role. The user name also displays in the Manage | Studio | Users list after the first time the user logs into Web Studio and selects a resource.
PortalAdmin – the portal administrator. If you want this user to represent your portal administrator, grant this user the StudioAdmin role.
Enterprise Portal lets you enable the deploy functionality for Web Studio users with the PortalAdmin role, as described in the global.properties.xml portal configuration file:
<Property name="PortalAdministrationRole" value="PortalAdmin" description="The J2EE role required to administer the Portal performing export/import and update operations." menugroup="-1" />
WARNING! This property is designed for a single role and not a list of roles. There is no parsing of the string to look for multiple roles.
PortalGuest – a role for the EP guest account. After you install and configure Enterprise Security, the guest account allows users to log in to your portal. The login name for the guest account is “guest”; the password is also “guest”.
WARNING! Do not delete the guest account. It is required for Enterprise Portal.
Enterprise Security automatically creates the PortalGuest role and grants the role to the guest account. The sole purpose of the PortalGuest role is to enable self-registration in Portal Interface. The guest account does not have permission to access any assets. The system can have only one guest role. The guest role is valid for an indefinite period.
PortalUser – a role for Portal Interface users. Users with this role can work with any Portal Interface object, but cannot access Web Studio objects.
ReadAllListAll – reserved for future use.
PortalWebPlugin – related to the security Web server plug-in that protects assets stored in the ACDB from unauthorized access. See the Enterprise Security Administration Guide, Chapter 10, “Configuring the Web Server Plug-in.”
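The single-role constraint on PortalAdministrationRole described above can be checked before a configuration change goes live. The following is an added example, not part of the Sybase documentation; the `<Properties>` wrapper element and the sample value are constructed, and only the `Property` element and its attributes come from this page.

```python
import re
import xml.etree.ElementTree as ET

# Default roles named on this page.
KNOWN_ROLES = {"PortalSecOfficer", "StudioAdmin", "PortalAdmin", "PortalGuest",
               "PortalUser", "PortalWebPlugin", "ReadAllListAll"}

# Constructed sample; the <Properties> wrapper element is an assumption.
SAMPLE = """<Properties>
  <Property name="PortalAdministrationRole" value="PortalAdmin, StudioAdmin"
            description="The J2EE role required to administer the Portal."
            menugroup="-1" />
</Properties>"""


def check_admin_role(xml_text):
    """Return a list of findings for the PortalAdministrationRole property."""
    root = ET.fromstring(xml_text)
    props = [p for p in root.iter("Property")
             if p.get("name") == "PortalAdministrationRole"]
    if not props:
        return ["PortalAdministrationRole is not defined"]
    findings = []
    if len(props) > 1:
        findings.append("PortalAdministrationRole is defined %d times" % len(props))
    for prop in props:
        value = prop.get("value", "")
        if not value or value != value.strip():
            findings.append("value %r is empty or padded with whitespace" % value)
        elif re.search(r"[\s,;|]", value):
            # The string is not parsed for multiple roles, so a list would be
            # read as one role name.
            findings.append("value %r looks like a list; only one role is supported" % value)
        elif value not in KNOWN_ROLES:
            findings.append("value %r is not a default role; confirm it exists" % value)
    return findings


if __name__ == "__main__":
    for finding in check_admin_role(SAMPLE):
        print("FINDING:", finding)
```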
To create the organizational hierarchy for your enterprise, see “Managing Organizations and Suborganizations” in Chapter 2, “Setting Up Security” in the Enterprise Security Administration Guide.
For detailed instructions on creating users, see “Creating and Managing User Accounts” in Chapter 2, “Setting Up Security” in the Enterprise Security Administration Guide.
Creating a new user to access Studio assets and security
There are two security assets—EPStudio.Studio and EPStudio.Personalize—with their own set of permissions. Each user must have permissions for one of these assets to see the Web Studio Manage | Studio and Manage | Personalize menu options.
Log in to Web Studio as the Portal Security Officer. Enter the user name “pso” and the password “123qwe”.
Select Administer | Organization from the menu in the left pane.
Select Users and click New on the Organization Manager toolbar.
When the Create New User window displays, complete the fields. Click Help to see a description of each field.
Do not use “opsuper” for the Login Name. This user does not exist in EP version 6.0 and later.
Click OK.
Grant roles to the new user so that the user has all permissions.
Right-click the user you just created and select List Access Permissions. There are no permissions listed for the new user. Click OK.
Right-click the user you just created and select Edit Roles.
When the Edit User Roles window displays, select StudioAdmin, and click Add. The installer creates this role with all permissions.
Click OK.
Right-click the new user and select List Access Permissions. The permissions that display are based on the roles you granted the user.
Click OK.
Log out.
Log in as the new user.
When prompted, select the “Portal” resource.
Users are grouped under resources. Each resource corresponds to an EP co-brand. Co-brands can represent companies, divisions, departments, and so on. The first time a user logs in to Web Studio, he or she is prompted to choose a resource ID (RID).
Create some portlets and pages to use the permissions that were granted to this user.
Creating groups
Groups are collections of users. If you grant a role to a group, each user in the group has that role. Enterprise Security supports only one self-registration group, which is, by default, installed into the root organization. This allows users to self-register in the root organization or any of the suborganizations. To use Portal Interface and Web Studio, grant the PortalUser role to the self-registration group.
In Web Studio, select Administer | Organizations.
Select Groups. The Enterprise Security installation automatically creates one group—SelfRegGroup.
New users log in to Portal Interface. From Portal Interface, they register with the portal and become members of the Enterprise Security self-registration group. By default, the self-registration group is granted the PortalUser role, which allows Enterprise Security to perform portal access checks.
To create additional groups and populate the groups with users, see “Creating and Managing Groups” in Chapter 2, “Setting Up Security” in the Enterprise Security Administration Guide.
Administering roles
Roles are sets of permissions to access assets. The permissions assigned to a role define what a user with that role can do in the secured system. Each role can have multiple permissions assigned to it. Examples of permissions are create, update, administration, security, and management.
Select Administer | Organizations.
Select Roles. Enterprise Security has one default role—PortalSecOfficer. Web Studio has these default roles—PortalAdmin, PortalGuest, PortalUser, PortalWebPlugin, ReadAllListAll, and StudioAdmin.
Select New to create a new role.
See “Creating and Managing Roles” in Chapter 2, “Setting Up Security” in the Enterprise Security Administration Guide.
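The warnings earlier on this page about the PSO and guest accounts can be turned into a periodic check of role assignments. The following is an added example, not part of the Sybase documentation; the user-to-role mapping is constructed, the `jsmith` account is hypothetical, and the login names `pso` and `guest` are the ones given on this page.

```python
# Constructed user-to-role assignments. How assignments are exported from
# Enterprise Security is not covered here, so this mapping is an assumption.
ASSIGNMENTS = {
    "pso": {"PortalSecOfficer", "StudioAdmin"},
    "guest": {"PortalGuest", "PortalUser"},
    "jsmith": {"StudioAdmin"},  # hypothetical Web Studio administrator
}


def audit_assignments(assignments, pso="pso", guest="guest"):
    """Return (severity, message) findings for the PSO and guest accounts."""
    findings = []
    pso_roles = assignments.get(pso)
    if pso_roles is None:
        findings.append(("error", "PSO account %r not found" % pso))
    else:
        # Either condition may disable Web Studio, per the warning on this page.
        if "PortalSecOfficer" not in pso_roles:
            findings.append(("error", "PSO lacks PortalSecOfficer"))
        if "PortalGuest" in pso_roles:
            findings.append(("error", "PSO holds PortalGuest"))
        # Only suggest dropping StudioAdmin once another administrator exists.
        admins = sorted(u for u, roles in assignments.items()
                        if u != pso and "StudioAdmin" in roles)
        if "StudioAdmin" in pso_roles and admins:
            findings.append(("review", "PSO still holds StudioAdmin; "
                             "other administrators: " + ", ".join(admins)))
    guest_roles = assignments.get(guest)
    if guest_roles is None:
        findings.append(("error", "guest account is missing"))
    else:
        if "PortalGuest" not in guest_roles:
            findings.append(("error", "guest lacks PortalGuest"))
        # The guest account is described as having no access to any assets.
        extra = sorted(guest_roles - {"PortalGuest"})
        if extra:
            findings.append(("review", "guest holds extra roles: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for severity, message in audit_assignments(ASSIGNMENTS):
        print(severity.upper() + ":", message)
```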
Administering assets
An asset is any portal object to which you want to restrict access. An asset can be a page, a portlet, a catalog, and so on.
Select Administer | Organizations.
Select Assets.
See “Creating and Managing Assets” in Chapter 2, “Setting Up Security” in the Enterprise Security Administration Guide.
When you install Enterprise Portal and Enterprise Security, the predefined assets and permissions shown in Table 2-2 are created under the root organization. In Web Studio, the permission names are actually preceded by “EPStudio.”.
Assets | Permissions |
---|---|
EPStudio.Adapters | Create, Delete, Edit, Find, Manage, ViewLog |
EPStudio.Agents | Broken, Create, Edit, Deleted, Find, Manage, Ready, Run, Stopped, ViewLog |
EPStudio.Applications | Approved, Archived, Broken, Create, Deleted, Display, Edit, Find, Manage, New, Pending, Properties, Refresh, Rejected, Shared, SkipWorkflow |
EPStudio.Catalogs | Approved, Archived, Broken, Create, Deleted, Display, Edit, Find, GetShared, Manage, New, Pending, Preview, Properties, Rejected, SelectCompany, Shared, SkipWorkflow |
EPStudio.PageGroups | Approved, Archived, Broken, Create, Deleted, Display, Edit, Find, Manage, New, Pending, Properties, Refresh, Rejected, Shared, SkipWorkflow |
EPStudio.Pages | Approved, Archived, Broken, Create, Deleted, Display, Edit, Find, Manage, New, Pending, Properties, Refresh, Rejected, Shared, SkipWorkflow |
EPStudio.Personalize | Create, Delete, Edit, Manage |
EPStudio.Portal | Deploy, Export, Import, Manage, UpdateCatalog, UpdatePage |
EPStudio.Portlets | Active, Approved, Archived, Broken, Create, Deleted, Display, Edit, Element, Find, GetShared, Manage, New, Pending, Preview, Properties, Publish, Rejected, Replace *, SelectCompany, Shared, SkipWorkflow |
EPStudio.Resources | Create, Delete, Edit, Manage, Undelete |
EPStudio.Roles | Create, Delete, Edit, Manage, Undelete |
EPStudio.Servers | Broken, Create, Delete, Deleted, Edit, Find, Manage, Ready, Stopped, ViewLog |
EPStudio.Studio | Manage |
EPStudio.Templates | Active, Approved, Archived, Broken, Create, Deleted, Edit, Manage, New, Pending, Preview, Rejected, Shared, SkipWorkflow |
EPStudio.Users | Edit, Delete, Manage |

Copyright © 2004. Sybase Inc. All rights reserved.