User authorization

 

This topic describes the "User authorization" feature that you can add to an alert definition to limit who can subscribe to the definition's alerts.

To restrict access to alerts, select people for the User authorization feature in an alert definition. The people selected here represent the collection of users authorized to subscribe to this definition's alerts. For these users to receive these alerts in the My Alerts portlet, they must enable the Subscribe option in the Subscriptions tab in the personal settings for the My Alerts portlet. Users not listed in the User Authorization screen cannot subscribe to this definition's alerts.

The alerts engine follows these rules to determine who can subscribe to the alert associated with the definition.

 

• The definition contains user names only.

  The alerts engine verifies the user's name when an application or portlet queries the alerts engine for alerts.

   

• The definition contains role names only.

  The alerts engine determines access based upon the user's assigned roles.

   

• The definition contains both user and role names.

  The alerts engine only allows specific users in the specified roles access to subscribe to the alerts.

Note: User verification and authentication are the responsibility of the application or portlet. When an application or portlet queries the alerts engine for a set of alerts, it must tell the alerts engine the name (and roles) of the user on whose behalf it is making the request. The alerts engine does not verify that the user is actually running the application or portlet, nor does it verify that the role names are correct for the user. Parent topic: Features of alert definitions

---

Library | Support | Terms of use |

Last updated: Thursday, March 15, 2007 11:57am EST

This information center is powered by Eclipse technology. (http://www.eclipse.org)