WebSphere Portal Authorization
Authorization is sometimes referred to as access control. Authorization determines what interactions a user is permitted to have with a resource. Administrators configure access to portal resources by assigning roles to users and groups.
WebSphere Portal supports fine-grained access control over resources. Users can select and view only those resources for which they have appropriate access rights. When rendering a resource, WebSphere Portal verifies that the user has appropriate rights to use the requested resource. Access rights are administered through the User Group Permissions and Resource Permissions portlets and stored in the WebSphere Portal database by default. Alternately, you can configure an external security manager, such as Tivoli Access Manager, to protect resources.
Users must successfully authenticate before they are authorized to access a resource. Other than the requirement for a successful authentication, authorization is independent of WAS or any custom authentication proxy. WAS protects servlets and enterprise beans, but WebSphere Portal protects its own internal resources, such as pages and portlets.
See also
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.